Configuring Security options 21When RADIUS password fallback is disabled, you must specify the RADIUSusername and password from the NetLogin screen. Unless the RADIUSserver is configured and reachable, you cannot log on to the switch toauthenticate the login and password.The Radius password fallback feature is disabled by default.You can use the following CLI commands to enable and disable this feature:• radius-server password fallback• no radius-serverATTENTIONThe no radius-server CLI command disables the RADIUS fallback feature,along with the remaining RADIUS configuration.MAC address-based securityThe MAC address-based security feature lets you set up network accesscontrol, based on source MAC addresses of authorized stations.You can:• Create a list of up to 448 MAC addresses and specify which addressesare authorized to connect to your switch. The 448 MAC addressescan be configured within a single standalone switch, or they can bedistributed in any order among the units in a single stack configuration.• Specify which of your switch ports each MAC address is allowed toaccess.The options for allowed port access include: NONE, ALL, and single ormultiple ports that are specified in a list.• Specify optional actions to be exercised by your switch if the softwaredetects a security violation.The response can be to send a trap, turn on destination address (DA)filtering, disable a specific port, or any combination of these threeoptions.The MAC address-based security feature is based on Nortel BaySecureLAN Access for Ethernet, a real-time security system that safeguardsEthernet networks from unauthorized surveillance and intrusion.EAPOL-based securityThe Ethernet Routing Switch 2500 Series provides security on the basisof Extensible Authentication Protocol over LAN (EAPOL), and it uses theEAP as is given in the IEEE 802.IX so that you can set up a network accesscontrol over LANs. With EAP, you can authenticate user information througha connection between a client and the switch by using an authenticationNortel Ethernet Routing Switch 2500 SeriesSecurity — Configuration and ManagementNN47215-505 (323165-B) 02.01 Standard4.1 19 November 2007Copyright © 2007, Nortel Networks.