Concepts and Terminology


systems. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for network access servers (desktop switches and wireless access points acting as RADIUS clients); see Figure 2.

Remote Access Policy

For 3Com Network Access Manager to authenticate users and computers accessing the network, an IAS Remote Access Policy must be created. Appendix A provides step-by-step instructions on how to create a Remote Access Policy.

In a mixed-vendor network where only 3Com switches are to be authenticated through 3Com Network Access Manager, the Remote Access Policy needs to be adjusted to only match 3Com devices.

Figure 2 Network Access Servers within a Domain

[Diagram labels: Microsoft Active Directory; Microsoft Internet Authentication Service with 3Com Network Access Manager; RADIUS protocol with VLAN and QoS associations; Network Access Servers: SuperStack3 Switch 4400, SuperStack4 Switch 5500, Wireless LAN Access Points]

Rules

3Com Network Access Manager provides its functionality through a set of rules implemented in Active Directory. Each rule comprises a priority, a Network Access setting (allow/deny), an optional authorization response (VLAN and QoS), and an optional EFW policy name.

Users, groups and computers (through the MAC address of the PC) are associated with rules. When multiple rules are associated with a user, group or computer, the rule with the highest priority takes precedence.
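The rule selection described above can be sketched as follows. This is an added example, not code from the manual or from 3Com Network Access Manager. The names `Rule`, `normalize_mac` and `decide`, the sample data, the numbering (1 as highest priority), the deny default when no rule matches, and the deny preference on equal priority are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                     # assumption: 1 is the highest priority
    allow: bool                       # Network Access setting (allow/deny)
    vlan: Optional[int] = None        # optional authorization response
    qos: Optional[str] = None
    efw_policy: Optional[str] = None  # optional EFW policy name

def normalize_mac(mac: str) -> str:
    """Reduce 00-0A-5E..., 00:0a:5e... or 000a.5e... to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

# Constructed sample data, not taken from the manual.
RULES = {r.name: r for r in [
    Rule("staff", 2, True, vlan=10, qos="gold"),
    Rule("guest", 5, True, vlan=99),
    Rule("lab", 3, True, vlan=30, efw_policy="lab-fw"),
    Rule("blocked", 1, False),
    Rule("hold", 2, False),
]}
USER_RULES = {"alice": ["staff"], "dave": ["staff"]}
GROUP_RULES = {"contractors": ["guest"], "quarantine": ["blocked"], "suspended": ["hold"]}
MEMBER_OF = {"alice": ["contractors"], "bob": ["contractors", "quarantine"], "dave": ["suspended"]}
COMPUTER_RULES = {normalize_mac("00-0A-5E-11-22-33"): ["lab"]}

def decide(user: Optional[str] = None, mac: Optional[str] = None) -> dict:
    """Collect every rule tied to the identity and apply the winning one."""
    names = list(USER_RULES.get(user, []))
    for group in MEMBER_OF.get(user, []):
        names += GROUP_RULES.get(group, [])
    if mac is not None:
        names += COMPUTER_RULES.get(normalize_mac(mac), [])
    candidates = [RULES[n] for n in names]
    if not candidates:                # assumption: no rule means deny
        return {"access": "deny", "rule": None}
    # Highest priority wins; on equal priority a deny rule is chosen (assumption).
    rule = min(candidates, key=lambda r: (r.priority, r.allow))
    if not rule.allow:
        return {"access": "deny", "rule": rule.name}
    return {"access": "allow", "rule": rule.name, "vlan": rule.vlan,
            "qos": rule.qos, "efw_policy": rule.efw_policy}

if __name__ == "__main__":
    for who in ({"user": "alice"}, {"user": "bob"}, {"mac": "00:0a:5e:11:22:33"}):
        print(who, decide(**who))
```

Normalizing the MAC address before lookup matters because the same PC can be reported in several notations; without it, a computer rule silently fails to match and a lower-priority rule applies instead.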

3Com DUA1550-0AAA02 manual Remote Access Policy, Network Access Servers within a Domain