Datasheet
5
RADIUS authentication
The RADIUS security feature allows the
Ethernet Switch 425 to require a user-
name and password to access the switch.
This username and password have the
advantage of being centrally adminis-
tered, allowing easy changes and access
control to be granted for switch access
(including Console, Telnet and Web).
In the event that the RADIUS server is
unreachable, the network manager can
use the local switch password to log into
the switch.
Secure Shell Access (SSH)
Secure Shell (SSHv2) supports strong
authentication and encrypted communi-
cations to the switch for management.
An SSH connection from a client to the
switch provides a secure network connec-
tion for menu or CLI commands. This
feature is ideal for security-conscious
customers.
SNMPv3
SNMPv3 provides user authentication
and data encryption for higher security
for switch management via SNMP. It
also offers secure configuration and
monitoring and can be used in combi-
nation with Nortel network management
applications.
HTTP port number change
This feature allows you to specify the
UDP/TCP port number to be used for
Hypertext Transfer Protocol (HTTP)
switch connections. Beginning with
software release 3.5, the HTTP port
number can be changed to enhanced
security and network access.
Traffic management and
Quality of Service
IEEE 802.1p priority queuing
802.1p priority queuing is a standards-
based Quality of Service mechanism
that enables the Ethernet Switch 425 to
forward packets in priority order on a
per-port basis. 802.1p can be utilized if
VLAN tagging (802.1Q) is enabled on
the port as the priority information is
contained in the 802.1Q VLAN tag.
The Ethernet Switch 425 supports four
queues for the classification and prioriti-
zation on network traffic. For example,
if messages from a specific segment are
crucial to the network, the switch port
connected to that segment can be set to
a higher priority level to ensure that
traffic is queued to the destinations
before other traffic.
DSCP classification
This feature enables the Ethernet Switch
425 models to classify the DiffServ Code
Point (DSCP) field within the incoming
IP packet. Based on the classification of
the DSCP value, the switch can prioritize
the packet to any one of eight possible
802.1p priorities within the switch. This
can then enable the prioritization of
specific traffic types — for example,
voice based on the DSCP setting.
Broadcast and Multicast
Rate Limiting
Broadcast and Multicast Rate Limiting
allow the switch to apply limits to the
amount of incoming broadcast and
multicast traffic across the switch. The
thresholds can be configured according
to network requirements, enabling the
administrator control over this type of
traffic which can cause disruption to
other normal data. If the configured
threshold is exceeded on a port, the
switch will drop extra packets received
to protect the network.
Switch management
Default IP address
The Ethernet Switch 425 enables rapid
setup through the setup of a Default IP
address. This enables an administrator
to connect to the switch using a standard
network cable and configuration can
then quickly occur using any of the
following features.
Username and password
authentication
The Ethernet Switch 425 provides local
switch management using username and
password authentication. The network
manager can assign Read Only or Read/
Write privileges to different users for
management access to the switch.
Figure 6. Distributed Multi-Link Trunking (DMLT) across a stack
Server
Ethernet Switch 425 switches
Ethernet Routing Switch 1612G
DMLT across the stack with
load-balancing and fail-over
protection for uninterrupted
access to servers or the
network center