CHAPTER 4: USING 3COM NETWORK ACCESS MANAGER WITHIN A NETWORK
Case Study 5 - Removing Infected Devices From The Network

Combining Auto VLAN with
infected PCs to be moved to a separate network, until the network administrator has removed any viruses or worms.

Network Administrator Tasks

The following provides an overview of the tasks for a network administrator responsible for the domain on the network.
1 Ensure edge port security is set to
Edge ports are called ‘access ports’ on the Switch 5500.
Using 3Com Network Access Manager:
2 Select the Default Rule and set the Network Access to Allow (see “Changing Rule Properties” in Chapter 3).
3 Create VLANs and QoS profiles. Use the same VLAN IDs and QoS profile IDs as set up in the network access device (switch or wireless access point); otherwise the network access device may not accept the RADIUS response.
4 Decide which VLAN will be the Isolation VLAN.
5 Create an Isolation rule.
a Set security permissions for the Isolation rule. Grant READ and WRITE access to the users/groups permitted to apply the rule. Grant READ access to all Network Administrators in the domain so that they can see that the rule exists even if they are not permitted to apply it.
b Set the Actions for the Isolation rule:
■ select the rule priority; an Isolation rule should have a high priority to ensure it takes precedence over other rules,
■ set Network Access to Allow,
■ select the VLAN ID of the Isolation VLAN.
6 Ensure the network operators or those individuals responsible for applying the rule have the Network Operator component of 3Com Network Access Manager installed on their PC.
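
The following is an added example, not part of the 3Com guide or the product: a small Python model of steps 3 to 5 that checks each rule's VLAN ID against the VLANs configured on the switch and confirms the Isolation rule outranks every other rule. The priority convention (larger number wins), the fallback to the Default Rule, the "Staff" rule and all VLAN IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int            # assumption: larger number = higher priority
    access: str              # "Allow" or "Deny"
    vlan_id: Optional[int]   # None = rule assigns no VLAN

def effective_rule(applied, default):
    """Rule that decides a device's access: highest priority of those applied,
    falling back to the Default Rule when none is applied (assumed model)."""
    return max(applied, key=lambda r: r.priority, default=default)

def audit(rules, isolation, switch_vlans):
    """Return the configuration problems that would defeat isolation."""
    problems = []
    for r in rules:
        # Step 3: IDs must match the switch or it may reject the RADIUS response.
        if r.vlan_id is not None and r.vlan_id not in switch_vlans:
            problems.append(f"{r.name}: VLAN {r.vlan_id} not configured on the switch")
    if isolation.access != "Allow":
        # Step 5b: the device is still admitted, only into the Isolation VLAN.
        problems.append(f"{isolation.name}: Network Access must be Allow")
    for r in rules:
        # Step 5b: Isolation must take precedence over every other rule.
        if r is not isolation and r.priority >= isolation.priority:
            problems.append(f"{r.name}: priority {r.priority} is not below {isolation.name}")
    return problems

# Constructed sample data (names other than "Default Rule" are hypothetical).
SWITCH_VLANS = {1, 10, 99}
DEFAULT = Rule("Default Rule", 0, "Allow", None)
STAFF = Rule("Staff", 50, "Allow", 10)
ISOLATION = Rule("Isolation", 100, "Allow", 99)
WEAK_ISOLATION = Rule("Isolation", 10, "Allow", 98)   # deliberately misconfigured

if __name__ == "__main__":
    print(audit([DEFAULT, STAFF, ISOLATION], ISOLATION, SWITCH_VLANS))
    print(effective_rule([STAFF, ISOLATION], DEFAULT).vlan_id)
    print(audit([DEFAULT, STAFF, WEAK_ISOLATION], WEAK_ISOLATION, SWITCH_VLANS))
    print(effective_rule([STAFF, WEAK_ISOLATION], DEFAULT).vlan_id)
```

With the misconfigured rule, the infected PC in this model stays on the "Staff" VLAN, which is the failure the high-priority requirement in step 5b prevents.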