5RADIUS authenticationThe RADIUS security feature allows theEthernet Switch 425 to require a user-name and password to access the switch.This username and password have theadvantage of being centrally adminis-tered, allowing easy changes and accesscontrol to be granted for switch access(including Console, Telnet and Web).In the event that the RADIUS server isunreachable, the network manager canuse the local switch password to log intothe switch.Secure Shell Access (SSH)Secure Shell (SSHv2) supports strongauthentication and encrypted communi-cations to the switch for management.An SSH connection from a client to theswitch provides a secure network connec-tion for menu or CLI commands. Thisfeature is ideal for security-consciouscustomers.SNMPv3SNMPv3 provides user authenticationand data encryption for higher securityfor switch management via SNMP. Italso offers secure configuration andmonitoring and can be used in combi-nation with Nortel network managementapplications.HTTP port number changeThis feature allows you to specify theUDP/TCP port number to be used forHypertext Transfer Protocol (HTTP)switch connections. Beginning withsoftware release 3.5, the HTTP portnumber can be changed to enhancedsecurity and network access.Traffic management andQuality of ServiceIEEE 802.1p priority queuing802.1p priority queuing is a standards-based Quality of Service mechanismthat enables the Ethernet Switch 425 toforward packets in priority order on aper-port basis. 802.1p can be utilized ifVLAN tagging (802.1Q) is enabled onthe port as the priority information iscontained in the 802.1Q VLAN tag.The Ethernet Switch 425 supports fourqueues for the classification and prioriti-zation on network traffic. For example,if messages from a specific segment arecrucial to the network, the switch portconnected to that segment can be set toa higher priority level to ensure thattraffic is queued to the destinationsbefore other traffic.DSCP classificationThis feature enables the Ethernet Switch425 models to classify the DiffServ CodePoint (DSCP) field within the incomingIP packet. Based on the classification ofthe DSCP value, the switch can prioritizethe packet to any one of eight possible802.1p priorities within the switch. Thiscan then enable the prioritization ofspecific traffic types — for example,voice based on the DSCP setting.Broadcast and MulticastRate LimitingBroadcast and Multicast Rate Limitingallow the switch to apply limits to theamount of incoming broadcast andmulticast traffic across the switch. Thethresholds can be configured accordingto network requirements, enabling theadministrator control over this type oftraffic which can cause disruption toother normal data. If the configuredthreshold is exceeded on a port, theswitch will drop extra packets receivedto protect the network.Switch managementDefault IP addressThe Ethernet Switch 425 enables rapidsetup through the setup of a Default IPaddress. This enables an administratorto connect to the switch using a standardnetwork cable and configuration canthen quickly occur using any of thefollowing features.Username and passwordauthenticationThe Ethernet Switch 425 provides localswitch management using username andpassword authentication. The networkmanager can assign Read Only or Read/Write privileges to different users formanagement access to the switch.Figure 6. Distributed Multi-Link Trunking (DMLT) across a stackServerEthernet Switch 425 switchesEthernet Routing Switch 1612GDMLT across the stack withload-balancing and fail-overprotection for uninterruptedaccess to servers or thenetwork center