152 Configuring groups and profiles
Each extended profile references a client filter in a one-to-one relationship.
With Nortel Secure Network Access Switch Software Release 1.6.1, you
can configure the Nortel Health Agent check result as the criterion for the
client filters, in order to establish the user’s security status.
The client filter referenced in the extended profile determines whether
the extended profile data will be applied to the user. After the user has
been authenticated and the Nortel Health Agent host integrity check has
been conducted, the Nortel SNAS checks the group’s extended profiles
in sequence, in order of the profile IDs, fora match between the client
filter conditions and the user’s security status. When it finds a match, the
Nortel SNAS applies that particular extended profile’s data to the user.
Data defined for the base profile (for example, linksets) are appended to
the extended profile’s data. If the Nortel SNAS finds no match in any of the
extended profiles, it applies the base profile data.
For information about configuring client filters, see “Configuring client
filters” (page 162).
For information about configuring extended profiles, see “Configuring
extended profiles” (page 164).
Before you begin
Before you configure groups, client filters, and extended profiles on the
Nortel SNAS, complete the following tasks:
Step Action
1Create the linksets, if desired (see “Linksets and links” (page
234)).
2Create the SRS rules (see Nortel Secure Network Access Switch
4050 User Guide for the SREM (NN47230-101), ), and for BBI
(see Nortel Secure Network Access Switch Configuration —
Using the BBI (NN47230-500)).
3If authentication services have already been configured,
ascertain the group names used by the authentication services.
Group names defined on the Nortel SNAS must correspond
to group names used by the authentication services. Table 22
"Group names in the Nortel SNAS and authentication services"
(page 153) summarizes the requirements for the various
authentication methods.
--End--
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007,2008 NortelNetworks
.