Enterasys-networks Enterasys Matrix 9034310-01 Manuel d'utilisateur télécharger pdf (Page 21)

Secure Networks Policy Support

Matrix DFE-Platinum Series Installation Guide 1-5

Secure Networks Policy Support

AfundamentalconceptthatiskeytotheimplementationoftheEnterasysSecureNetworks

methodologyispolicy‐enablednetworking.Thisapproachprovidesusersofthenetworkwiththe

resourcestheyneed‐inasecurefashion–whileatthesametimedenyingaccesstoapplicationsor

protocolsthataredeemedinappropriate

basedontheuser’sfunctionwithintheorganization.By

adoptingsucha“user‐personalized”model,itispossibleforbusinesspoliciestobetheguidelines

inestablishingthetechnologyarchitectureoftheenterprise.Twomajorobjectivesareachievedin

thisway:ITservicesarematchedappropriatelywithindividualusers;and

thenetworkitself

becomesanactiveparticipantintheorganization’ssecuritystrategy.TheSecureNetworks

architectureconsistsofthreetiers:

• Classificationrulesmakeupthefirstorbottomtier.TherulesapplytodevicesintheSecure

Networksenvironment,suchasswitchesandrouters.Therulesaredesignedtobe

implemented

atorneartheuser’spointofentrytothenetwork.Rulesmaybewrittenbased

oncriteriadefinedintheLayer2,Layer3orLayer4informa tionofthedataframe.

•ThemiddletierisServices,whicharecollectionsofindividualclassificationrules,grouped

logicallytoeitherpermit

ordenyaccesstoprotocolsorapplicationsbasedontheuser’srole

withintheorganization.Priorityandbandwidthratelimitingmayalsobedefinedinservices.

•Roles,orbehavioralprofiles,makeupthetoptier.Therolesassignservicestovarious

businessfunctionsordepartments,suchasexecutive,sales,andengineering.



Toenhancesecurityanddeliveratruepolicy‐basedinfrastructure,theEnterasysSecureNetworks

methodologycantakeadvantageofauthenticationmethods,suchas802.1X,usingEAP‐TLS,EAP‐

TTLS,orPEAP,aswellasothertypesofauthentication.Authorizationinformation,attachedtothe

authenticationresponse,determinestheapplicationofpolicy.

Authorizationinform ationis

communicatedviathepolicynameinaRADIUSFilter‐IDattribute.Anadministratorcanalso

definearoletobeimplementedintheabsenceofanauthenticationframework.Refertothe

releasenotesshippedwiththemodulefordetails.

Standards Compatibility

TheDFEmodulesarefullycompliantwiththeIEEE802.3‐2002,802.3ae‐2002,802.1D‐1998,and

802.1Q‐1998standards.TheDFEmoduleprovidesIEEE802.1D‐1998Spanning TreeAlgorithm

(STA)supporttoenhancetheoverallreliabilityofthenetworkandprotectagainst“loop”

conditions.

LANVIEW Diagnostic LEDs

LANVIEWdiagnosticLEDsserveasanimportanttroubleshootingaidbyprovidinganeasyway

toobservethestatusofindividualportsandoverallnetworkoperations.

1 2 ... 16 17 18 19 20 21 22 23 24 25 26 ... 57 58

Pas de commentaire

Enterasys-networks Enterasys Matrix 9034310-01 Manuel d'utilisateur Page 21