Specifications

UPN Support
User Personalized Networks (UPN) is an architecture that allows network administrators to
map network services to identified users, machines, peripherals and other network entities.
UPN consists of three tiers:

Classification rules make up the first, or bottom, tier. The rules apply to devices in the
UPN environment, such as switches, routers and the RoamAbout R2. The rules are
designed to be implemented at or near the user’s point of entry to the network. The
rules are typically at Layer 2, 3, or 4 of the ISO (OSI) network model.

The middle tier is Services, which allows multiple classification rules to be aggregated.
Services can include e-mail and Internet access.

Roles, or Behavioral Profiles, make up the top tier. The roles assign services to various
business functions or departments, such as executive, sales, and engineering.
To implement most roles, UPN requires authentication, such as MAC address or 802.1X
using EAP-TLS, EAP-TTLS, or EAP-PEAP. Authorization information, attached to the
authentication response, determines which UPN policy is applied. One way to
communicate the authorization information is to include the Policy Name in a RADIUS
Filter-ID attribute. A UPN administrator can also define a role to be applied in the
absence of authentication and authorization.
The RoamAbout R2 supports the UPN classification rules via the Enterasys Policy Profile
MIB. The supported functions allow a UPN administrator to configure the R2 as follows:
- Grant restricted access to an unauthenticated guest user.
- Grant access to an authenticated user with an assigned role.
- Support a default role for unauthenticated users or authenticated users without
  authorization information.
- Control access by IP subnet or address range.
- Control access by TCP/UDP port number.
- Support 50 roles, with a maximum of 50 rules per role. Bilateral rules count as 2 rules.
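The three tiers, the Filter-ID-to-role mapping with the default role, and the per-role rule limit described above, as an added Python model that is not the R2's or NetSight's own code. The subnets, ports, service and role names are constructed for the example; the assumptions that a rule permits traffic toward its subnet/port, that a bilateral rule also matches the reverse direction, and that anything no rule matches is denied are this example's, not the manual's.

```python
import ipaddress

MAX_ROLES, MAX_RULES_PER_ROLE = 50, 50   # limits stated in the R2 specification

# Tier 1: classification rules. Assumption: a rule permits traffic to an IPv4 subnet on a
# TCP/UDP port (None = any); a bilateral rule also matches the reverse direction and, as
# the specification says, counts as two rules toward the per-role limit.
def rule(subnet, proto=None, port=None, bilateral=False):
    return {"net": ipaddress.ip_network(subnet), "proto": proto, "port": port, "bi": bilateral}

def rule_matches(r, pkt):
    """True if the destination end (or either end, for bilateral rules) falls under the rule."""
    if r["proto"] and r["proto"] != pkt["proto"]:
        return False
    ends = [(pkt["dst"], pkt["dport"])] + ([(pkt["src"], pkt["sport"])] if r["bi"] else [])
    return any(ipaddress.ip_address(ip) in r["net"] and r["port"] in (None, port)
               for ip, port in ends)

# Tier 2: services aggregate rules; tier 3: roles assign services (values below are constructed).
SERVICES = {
    "email":    [rule("10.1.1.0/24", "tcp", 25), rule("10.1.1.0/24", "tcp", 143)],
    "internet": [rule("0.0.0.0/0", "tcp", 80), rule("0.0.0.0/0", "tcp", 443)],
    "eng-lab":  [rule("10.2.0.0/16", bilateral=True)],
}
ROLES = {
    "guest":       ["internet"],            # restricted access for unauthenticated users
    "sales":       ["email", "internet"],
    "engineering": ["email", "internet", "eng-lab"],
}
DEFAULT_ROLE = "guest"   # used when no authorization information accompanies the response

def rule_count(role):
    """Weighted rule count for the 50-rules-per-role limit (bilateral rules count twice)."""
    return sum(2 if r["bi"] else 1 for s in ROLES[role] for r in SERVICES[s])

def within_limits():
    return len(ROLES) <= MAX_ROLES and all(rule_count(r) <= MAX_RULES_PER_ROLE for r in ROLES)

def select_role(authenticated, filter_id=None):
    """RADIUS Filter-ID names the policy; unauthenticated or unknown policy gets the default role."""
    if authenticated and filter_id in ROLES:
        return filter_id
    return DEFAULT_ROLE

def permitted(role, pkt):
    """Default deny (assumption): permit only traffic matched by a rule in one of the role's services."""
    if pkt["version"] != 4:        # the R2 applies UPN rules to IPv4 packets only
        return False
    return any(rule_matches(r, pkt) for s in ROLES[role] for r in SERVICES[s])
```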
The rules can only be implemented on the R2 by the Enterasys NetSight Policy Manager,
which is described on the web site at www.enterasys.com/netsight. The R2 tools, such as
the console port, AP Manager, or web interface, cannot access any aspect of UPN support.
The R2 only supports UPN in workgroup bridge mode. In addition, the wireless clients
must communicate using IPv4, since the R2 only supports UPN rules that apply to the IPv4
packet format.