Using the BayStack 450 10/100/1000 Series Switch1-28 309978-D Rev 01You must also specify the Microsoft 2001 IAS server (or any generic RADIUSserver that supports EAP) as the primary RADIUS server for these devices.You can manage network access to your switch or stack using the CI menus andscreens as described in Chapter 3, “Using the Console Interface,” or you can usethe Optivity SecureLAN application (refer to Managing Network Access withOptivity SecureLAN [Part number 312688-A]).Configuration RulesThe following configuration rules apply to your BayStack 450 switch when usingEAPOL-based security:• Before configuring your switch, you must configure the Primary RADIUSServer and Shared Secret fields (see “Console/Comm Port Configuration” onpage 3-100).• You cannot configure EAPOL-based security on ports that are currentlyconfigured for:-- MultiLink Trunking-- MAC address-based security-- IGMP (Static Router Ports)-- ATM-- Port mirroring• You can connect a single client only on each port that is configured forEAPOL-based security.RADIUS-Based SecurityThe RADIUS-based security feature allows you to set up network access control,using the RADIUS (Remote Authentication Dial-In User Services) securityprotocol.The feature uses the RADIUS protocol to authenticate local console, TELNET,and EAPOL-authorized logins.You must set up specific user accounts (user names and passwords, andService-Type attributes) on your RADIUS server before the authenticationprocess can be initiated.
