Installation guide
Secure Networks Policy Support
Policy Enabled Networking manages the allocation of networking infrastructure resources in a secure and effective manner. Using Secure Networks Policy, an IT Administrator can predictably assign appropriate resources to the Users, Applications, and Services that use the network; while blocking or containing access for inappropriate or potentially dangerous network traffic. Using this technology it is possible, for the first time, to align IT services with the needs of specific users and applications, and to leverage the network as a key component of the organization's security strategy.

The Secure Networks Policy Architecture consists of 3 components: Classification Rules, Network Services, and Behavioral Profiles. These are defined as follows:

• Classification Rules determine how specific traffic flows (identified by Layer 2, Layer 3, and Layer 4 information in the data packet) are treated by each Switch or Router. In general, Classification Rules are applied to the networking infrastructure at the network edge/ingress point.
• Network Services are logical groups of Classification Rules that identify specific networked applications or services. Users may be permitted or denied access to these services based on their role within the organization. Priority and bandwidth rate limiting may also be controlled using Network Services.
• Behavioral Profiles (or roles) are used to assign Network Services to groups of users who share common needs – for example Executive Managers, Human Resources Personnel, or Guest Users. Access, resources, and security restrictions are applied as appropriate to each Behavioral Profile. A variety of authentication methods including 802.1X, EAP-TLS, EAP-TTLS, and PEAP may be used to classify and authorize each individual user; and the IT Administrator may also define a Behavioral Profile to apply in the absence of an authentication framework.
LANVIEW Diagnostic LEDs
LANVIEW diagnostic LEDs serve as an important troubleshooting aid by providing an easy way to observe the status of individual ports and overall network operations.