Secure Networks Policy Support
Policy Enabled Networking manages the allocation of networking infrastructure resources in a secure and effective manner. Using Secure Networks Policy, an IT Administrator can predictably assign appropriate resources to the Users, Applications, and Services that use the network; while blocking or containing access for inappropriate or potentially dangerous network traffic. Using this technology it is possible, for the first time, to align IT services with the needs of specific users and applications, and to leverage the network as a key component of the organization’s security strategy.
The Secure Networks Policy Architecture consists of 3 components: Classification Rules, Network Services, and Behavioral Profiles.
These are defined as follows:
• Classification Rules determine how specific traffic flows (identified by Layer 2, Layer 3, and Layer 4 information in the data packet) are treated by each Switch or Router. In general, Classification Rules are applied to the networking infrastructure at the network edge/ingress point.
• Network Services are logical groups of Classification Rules that identify specific networked applications or services. Users may be permitted or denied access to these services based on their role within the organization. Priority and bandwidth rate limiting may also be controlled using Network Services.
• Behavioral Profiles (or roles) are used to assign Network Services to groups of users who share common needs – for example Executive Managers, Human Resources Personnel, or Guest Users. Access, resources, and security restrictions are applied as appropriate to each Behavioral Profile. A variety of authentication methods including 802.1X, EAP-TLS, EAP-TTLS, and PEAP may be used to classify and authorize each individual user; and the IT Administrator may also define a Behavioral Profile to apply in the absence of an authentication framework.
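The three-layer model above (rules grouped into services, services assigned to roles, and a fallback role when no authentication is available) can be sketched as follows. This is an added illustration, not the product's configuration syntax or code; the service names, port numbers, role names, first-match evaluation order and per-role default action are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Classification Rule: matches Layer 2/3/4 fields; None is a wildcard."""
    action: str                      # "permit" or "deny"
    ethertype: Optional[int] = None  # Layer 2
    ip_proto: Optional[int] = None   # Layer 3
    dst_port: Optional[int] = None   # Layer 4

    def matches(self, pkt: dict) -> bool:
        wanted = (("ethertype", self.ethertype),
                  ("ip_proto", self.ip_proto),
                  ("dst_port", self.dst_port))
        return all(want is None or pkt.get(name) == want for name, want in wanted)

# Network Services: named groups of Classification Rules (constructed values).
SERVICES = {
    "web":       [Rule("permit", 0x0800, 6, 80), Rule("permit", 0x0800, 6, 443)],
    "dns":       [Rule("permit", 0x0800, 17, 53)],
    "hr-db":     [Rule("permit", 0x0800, 6, 5432)],
    "no-telnet": [Rule("deny", 0x0800, 6, 23)],
}

# Behavioral Profiles (roles): an ordered list of services plus a default action.
ROLES = {
    "hr":    {"services": ["no-telnet", "web", "dns", "hr-db"], "default": "deny"},
    "guest": {"services": ["no-telnet", "web", "dns"], "default": "deny"},
}
DEFAULT_ROLE = "guest"  # profile applied in the absence of authentication

def role_for(auth_result: Optional[str]) -> str:
    """Map an authentication outcome (e.g. from 802.1X) to a role name."""
    return auth_result if auth_result in ROLES else DEFAULT_ROLE

def decide(auth_result: Optional[str], pkt: dict) -> str:
    """Assumed semantics: first matching rule wins, else the role default."""
    role = ROLES[role_for(auth_result)]
    for service in role["services"]:
        for rule in SERVICES[service]:
            if rule.matches(pkt):
                return rule.action
    return role["default"]
```

Keeping the fallback role as restrictive as the guest role means an unauthenticated or unrecognized user never inherits access that was granted only to a named role.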
Standards Compatibility
The DFE-Diamond modules are fully compliant with the IEEE 802.3-2002, 802.3ae-2002, 802.1D-1998, and 802.1Q-1998 standards. The DFE-Diamond module provides IEEE 802.1D-1998 Spanning Tree Algorithm (STA) support to enhance the overall reliability of the network and protect against “loop” conditions.
LANVIEW Diagnostic LEDs
LANVIEW diagnostic LEDs serve as an important troubleshooting aid by providing an easy way to observe the status of individual ports and overall network operations.