Chapter 5 Configuring groups and profiles 193

Each group’s data include the following configurable parameters:

linksets

TunnelGuard SRS rule

extended profiles

After the user has been authenticated, the Nortel SNAS 4050 checks the groups defined for the domain to match the group name returned from the authentication database. For the duration of the user’s login session, the Nortel SNAS 4050 maintains a record of the group matched to the user.

When the Nortel SNAS 4050 has identified the matching group, it applies group data to the user as follows:

linksets — All linksets configured for the group of which the user is a member display on the user’s portal page (see “Linksets” on page 194).

TunnelGuard SRS rule — The TunnelGuard host integrity check uses the criteria specified in the SRS rule assigned to the group.

extended profiles — The Nortel SNAS 4050 checks the group to identify if there is an applicable extended profile (see “Extended profiles” on page 195).

For information about configuring a group, see “Configuring groups using the CLI” on page 198 or “Configuring groups using the SREM” on page 208.

Default group

You can configure a group to be the default group, with limited access rights. If the group name returned from the authentication database does not match any group defined on the Nortel SNAS 4050, the Nortel SNAS 4050 will map the user to the default group.

To create a default group, see “Creating a default group using the CLI” on page 208 or “Creating a default group using the SREM” on page 230.

Nortel Secure Network Access Switch 4050 User Guide

Page 193
Image 193
Nortel Networks 4050 manual Default group