Support User Manuals

Enterasys Networks 7KR4297-02 Switch User Manual

Open as PDF

of 64

Secure Networks Policy Support

1-4 Introduction

Secure Networks Policy Support

PolicyEnabledNetworkingmanagestheallocationofnetworkinginfrastructureresourcesina

secureandeffectivemanner.UsingSecureNetworksPolicy,anITAdministratorcanpredictably

assignappropriateresourcestotheUsers,Applications,andServicesthatusethenetwork;while

blockingorcontainingaccessforinappropriateorpotentiallydangerousnetworktraffic.Using



thistechnologyitispossible,forthefirsttime,toalignITserviceswiththeneedsofspecificusers

andapplications,andtoleveragethenetworkasakeycomponentoftheorganization’ssecurity

strategy.

TheSecureNetworksPolicyArchitectureconsistsof3components:ClassificationRules,Network

Services,andBehavioralProfiles.

Thesearedefinedasfollows:

• ClassificationRulesdeterminehowspecifictrafficflows(identifiedbyLayer2,Layer3,and

Layer4informationinthedatapacket)aretreatedbyeachSwitch orRouter.Ingeneral,

ClassificationRulesareappliedtothenetworkinginfrastructureatthenetworkedge/ingress

point.

•NetworkServicesare

logicalgroupsofClassificationRulesthatidentifyspecificnetworked

applicationsorservices.Usersmaybepermittedordeniedaccesstotheseservicesbasedon

theirrolewithintheorganization.Priorityandbandwidthratelimitingmayalsobecontrolled

usingNetworkServices.

•BehavioralProfiles(orroles)areusedtoassignNetworkServices

togroupsofuserswho

sharecommonneeds–forexampleExecutiveManagers,HumanResourcesPersonnel,or

GuestUsers.Access,resources,andsecurityrestrictionsareappliedasappropriatetoeach

BehavioralProfile.Avarietyofauthenticationmethodsincluding802.1X,EAP‐TLS,EAP‐

TTLS,andPEAPmaybeusedtoclassifyandauthorizeeach

individualuser;andtheIT

AdministratormayalsodefineaBehavioralProfiletoapplyintheabsenceofan

authenticationframework.

Standards Compatibility

TheDFE‐DiamondmodulesarefullycompliantwiththeIEEE802.3‐2002,802.3ae‐2002,

802.1D‐1998,and802.1Q‐1998standards.TheDFE‐DiamondmoduleprovidesIEEE802.1D‐1998

SpanningTreeAlgorithm(STA)supporttoenhancetheoverallreliabilityofthenetworkand

protectagainst“loop”conditions.

LANVIEW Diagnostic LEDs

LANVIEWdiagnosticLEDsserveasanimportanttroubleshootingaidbyprovidinganeasyway

toobservethestatusofindividualportsandoverallnetworkoperations.

previous next