CHAPTER 4: USING 3COM NETWORK ACCESS MANAGER WITHIN A NETWORK

select the VLAN ID, QoS profile and EFW policy (if appropriate) for each rule.

6 Associate the new rules with users and groups already listed in Active Directory.

7 Ensure the network operators or those individuals responsible for applying the rules have the Network Operator component of 3Com Network Access Manager installed on their PC.

Network Operator Tasks

The following provides an overview of the tasks for a network operator responsible for controlling user access to the network domain.

On being informed that a user or group needs to be granted access to a particular VLAN on the network, use the Active Directory Users and Computers interface to perform the following:

1 Either:

   - click on Users in the Tree pane, or

   - if Organizational Units have been created, click on the organizational units subfolders until you reach the desired unit holding the user or group.

2 Highlight the user or group, and right-click. Select Properties.

3 Select the Network Access tab from the Properties dialog window.

A list of rules that the operator has permission to apply will be displayed.

4 Identify the rule that will enable the user to access the particular VLAN, and tick the rule to apply it to the user.

5 Click OK and exit the Active Directory Users and Computers interface.

What Happens When A User Logs In

The following takes place when a user connects and logs into the network domain.

1 The user’s PC connects to the network and the user logs in with a username.

2 The IEEE 802.1X client on the PC sends the user’s ID and credentials to the switch. At this stage, the port on the switch is blocked and the PC cannot connect to the rest of the network.

3 The switch sends the user's details via RADIUS to IAS.
