Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

191

192

193

194

195

196

197

198

199

200

How Can I Implement Policy?

May 18, 2009 Page 2 of 32

Securitycanbeenhancedbyallowingonlyintendedusersanddevicesaccesstonetwork

protocolsandcapabilities.Someexamplesare:

•EnsuringthatonlyapprovedstationscanuseSNMP,preventingunauthorizedstationsfrom

viewing,reading,andwritingnetworkmanagementinformation

•Preventingedgeclientsfromattachingnetworkservicesthatareappropriatelyrestrictedto

data

centersandmanagedbytheenterpriseITorganizationsuchasDHCPandDNSservices

• IdentifyingandrestrictingroutingtolegitimateroutingIPaddressestopreventDoS,

spoofing,dataintegrityandotherroutingrelatedsecurityissues

•EnsuringthatFTP/TFTPfiletransfersandfirmwareupgradesonlyoriginatefromauthorized

fileandconfigurationmanagement

servers

•PreventingclientsfromusinglegacyprotocolssuchasIPX,AppleTalk,andDECnetthat

shouldnolongerberunningonyournetwork

EnterasysNetSightPolicyManagerprovidesacentralizedpointandclickconfiguration,andone

clickpushingofdefinedpolicyouttoallnetworkelements.UsetheEnterasy sNetSightPolicy

Managerfor

easeofinitialconfigurationandresponsetosecurityandprovisioningissuesthat

maycomeupduringreal‐timenetworkoperation.

How Can I Implement Policy?

Toimplementpolicy:

•Identifytherolesofusersanddevicesinyourorganizationthataccessthenetwork

• Createapolicyroleforeachidentifieduserrole

• Associateclassificationrulesandadministrativeprofileswitheachpolicyrole

• Optionally,configureaclassofserviceandassociateitdirectlywiththepolicyroleorthrough

classificationrule

• Optionally,enablehybridauthentication,whichallowsRADIUSfilter‐IDandtunnel

attributestobeusedtodynamicallyassignpolicyrolesandVLANstoauthenticatingusers

• Optionally,setdeviceresponsetoinvalidpolicy

Policy Overview

Introduction

Thissectionprovidesanoverviewofpolicyconfiguration.PolicyisimplementedonanEnterasys

platformbyassociatingusersanddevicesinthenetworkwithdefinedenterpriseroles(suchas

sales,engineering,oradministration)thatareconfiguredinapolicyrole.Thepolicyroleis

associatedwithrulesthatdefinehownetwork

resourceswillbeprovisionedandcontrolledfor

rolemembers,aswellashowsecuritywillbeappliedtotherolemember.Anadministrative

profileassociatesaspecificrolemembertrafficclassificationwithapolicyrole.

Note: In a CLI configuration context, the policy role is configured within a policy profile using the set

policy profile command. Through out this discussion, policy role and policy profile mean the same

thing.