Configuring MAC address-based security 175—End—With Web access enabled, the switch can support a maximum of fourconcurrent Web page users. Two predefined user levels are available, andeach user level has a corresponding username and password.Table 82 "User levels and access levels" (page 175) shows an example ofthe two predefined user levels available and their access level within theWeb-based management user interface.Table 82User levels and access levelsUser level User name foreach levelPassword for eachuser level Access LevelRead-only RO XXXXXXXX Read onlyRead/write RW XXXXXXXX Full read/writeaccessConfiguring MAC address-based securityThe MAC address-based security system lets you specify a range of systemresponses to unauthorized network access to your switch by using theWeb-based management system.The system response can range from sending a trap to disabling the port.The network access control is based on the MAC Source Addresses (SAs)of the authorized stations. You can specify a list of up to 448 MAC SAs thatare authorized to access the switch. You can also specify the ports thateach MAC SA is allowed to access. The options for allowed MAC SA portaccess include: NONE, ALL, and single or multiple ports that are specifiedin a list, for example, one to four, six, nine, and so on. You must also includethe MAC SA of any router connected to any secure ports.After the switch software detects an SA security violation, the response canbe to send a trap, turn on Destination Address (DA) filtering for all SAs,disable the specific port, or any combination of these three options.You can also configure the Ethernet Routing Switch 2500 Series to dropall packets that have a specified MAC Destination Address (DA). You cancreate a list of up to 10 MAC DAs that you want to filter. The packet withthe specified MAC DA is dropped regardless of the ingress port, SourceAddress (SA) intrusion, or VLAN membership.Nortel Ethernet Routing Switch 2500 SeriesSecurity — Configuration and ManagementNN47215-505 (323165-B) 02.01 Standard4.1 19 November 2007Copyright © 2007, Nortel Networks.