Network Access Switch Owner's Manual
30 Overview
Filters only enforcement uses two VLANs: Red and VoIP. A client
computer is placed in the Red VLAN where it is held pending successful
authentication. If successful, Nortel Health Agent integrity checking can be
used to determine if remediation is required. Filters are applied to direct
the client to the appropriate network resources but the client remains in
the same VLAN regardless of its status. This contrasts with VLANs and
filters where the client is moved to another VLAN in addition to applying
filters. Filters only handles IP phones in the same manner as VLANs
and filters.
With Filters only, there is less network configuration than with VLANs and
filters because there are only two VLANs (Red and VoIP) to configure.
However, the double layer of protection afforded with VLANs and filters
is not provided.
To configure the Nortel SNAS for Filters only enforcement, see
“Configuring groups” (page 156), enftype. Though configuring for Filters
only can result in higher DNS demands on the Nortel SNAS, using the
filter DHCP subnet type maintains these demands at the same level as
with VLANs and filters: for more information, see “Configuring local
DHCP services” (page 115).
DHCP hub subnet
DHCP hub subnet enforcement allows the Nortel SNAS to operate with
a broader range of Nortel ethernet switches as well as third party network
access devices. Unlike VLANs and filters and Filters only enforcement,
DHCP hub subnet enforcement does not require SSCP support on the
network access device.
The DHCP hub subnet configuration is an integral component of the
DHCP services provided by the Nortel SNAS. For more information, see
“Configuring local DHCP services” (page 115).
Groups and profiles
Users are organized in groups. In the user gorup we can specify Locaion
also. Group membership determines:
• user access rights
Within the group, extended profiles further refine access rights
depending on the outcome of the Nortel Health Agent checks.
• number of sessions allowed
• the Nortel Health Agent SRS rule to be applied
• what on the portal page after the user has been authenticated
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks
.










