Enterasys Networks 7KR4297-02, 7KR4297-04 Secure Networks Policy Support, Standards Compatibility, LANVIEW Diagnostic LEDs

Secure Networks Policy Support

1-4 Introduction

Secure Networks Policy Support

PolicyEnabledNetworkingmanagestheallocationofnetworkinginfrastructureresourcesina

secureandeffectivemanner.UsingSecureNetworksPolicy,anITAdministratorcanpredictably

assignappropriateresourcestotheUsers,Applications,andServicesthatusethenetwork;while

blockingorcontainingaccessforinappropriateorpotentiallydangerousnetworktraffic.Using

thistechnologyitispossible,forthefirsttime,toalignITserviceswiththeneedsofspecificusers

andapplications,andtoleveragethenetworkasakeycomponentoftheorganization’ssecurity

strategy.

TheSecureNetworksPolicyArchitectureconsistsof3components:ClassificationRules,Network

Services,andBehavioralProfiles.Thesearedefinedasfollows:

• ClassificationRulesdeterminehowspecifictrafficflows(identifiedbyLayer2,Layer3,and

Layer4informationinthedatapacket)aretreatedbyeachSwitchorRouter.Ingeneral,

ClassificationRulesareappliedtothenetworkinginfrastructureatthenetworkedge/ingress

point.

•NetworkServicesarelogicalgroupsofClassificationRulesthatidentifyspecificnetworked

applicationsorservices.Usersmaybepermittedordeniedaccesstotheseservices��basedon

theirrolewithintheorganization.Priorityandbandwidthratelimitingmayalsobecontrolled

usingNetworkServices.

•BehavioralProfiles(orroles)areusedtoassignNetworkServicestogroupsofuserswho

sharecommonneeds–forexampleExecutiveManagers,HumanResourcesPersonnel,or

GuestUsers.Access,resources,andsecurityrestrictionsareappliedasappropriatetoeach

BehavioralProfile.Avarietyofauthenticationmethodsincluding802.1X,EAP‐TLS,EAP‐

TTLS,andPEAPmaybeusedtoclassifyandauthorizeeachindividualuser;andtheIT

AdministratormayalsodefineaBehavioralProfiletoapplyintheabsenceofan

authenticationframework.

Standards Compatibility

TheDFE‐DiamondmodulesarefullycompliantwiththeIEEE802.3‐2002,802.3ae‐2002,

802.1D‐1998,and802.1Q‐1998standards.TheDFE‐DiamondmoduleprovidesIEEE802.1D‐1998

SpanningTreeAlgorithm(STA)supporttoenhancetheoverallreliabilityofthenetworkand

protectagainst“loop”conditions.

LANVIEW Diagnostic LEDs

LANVIEWdiagnosticLEDsserveasanimportanttroubleshootingaidbyprovidinganeasyway

toobservethestatusofindividualportsandoverallnetworkoperations.