The Nortel SNAS 29
Four types of Layer 2 or Layer 3 VLANs are configured for VLANs and
filters enforcement:
Red—extremely restricted access. If the default filters are used, the
user can communicate only with the Nortel SNAS and the Windows
domain controller network. There is one Red VLAN for each network
access device.
Yellow—restricted access for remediation purposes if the client PC fails
the host integrity check. Depending on the filters and Nortel Health
Agent rules configured for the network, the client may be directed to
a remediation server participating in the Yellow VLAN. There can be
up to five Yellow VLANs for each network access device. Each user
group is associated with only one Yellow VLAN.
Green—full access, in accordance with the user’s access privileges.
There can be up to five Green VLANs for each network access
device.
VoIP—automatic access for VoIP traffic. The network access device
places VoIP calls in a VoIP VLAN without submitting them to the Nortel
SNAS authentication and authorization process.
When a client attempts to connect to the network, the network access
device places the client in its Red VLAN. The Nortel SNAS authenticates
the client. By default, the Nortel SNAS then downloads a Nortel Health
Agent applet to check the integrity of the client host. If the integrity check
fails, the Nortel SNAS instructs the network access device to move the
client to a Yellow VLAN, with its associated filter. If the integrity check
succeeds, the Nortel SNAS instructs the network access device to move
the client to a Green VLAN, with its associated filter. The network access
device applies the filters when it changes the port membership.
The VoIP filters allow IP phone traffic into preconfigured VoIP VLANs, for
VoIP communication only.
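The following added example (not taken from the Nortel documentation) checks a per-device VLAN plan against the limits stated above and resolves where a client lands under the default flow. The data model, VLAN IDs, group names, the group-to-Green mapping, the rule that roles do not share a VLAN ID, and the handling of a failed authentication (client stays in Red) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_YELLOW = MAX_GREEN = 5  # per network access device, as stated in the text


@dataclass
class DevicePlan:
    """Constructed model of one network access device's VLAN plan."""
    red: list     # VLAN IDs; exactly one Red VLAN is expected
    yellow: list
    green: list
    voip: list
    group_yellow: dict = field(default_factory=dict)  # group -> Yellow VLAN IDs
    group_green: dict = field(default_factory=dict)   # group -> Green VLAN ID (assumed)


def validate(plan):
    """Return a list of violations of the limits described in the text."""
    errors = []
    if len(plan.red) != 1:
        errors.append("exactly one Red VLAN per device")
    if len(plan.yellow) > MAX_YELLOW:
        errors.append("more than five Yellow VLANs")
    if len(plan.green) > MAX_GREEN:
        errors.append("more than five Green VLANs")
    # Assumption, not stated on the page: roles must not share a VLAN ID.
    ids = plan.red + plan.yellow + plan.green + plan.voip
    if len(ids) != len(set(ids)):
        errors.append("a VLAN ID is used for more than one role")
    for group, vlans in plan.group_yellow.items():
        if len(vlans) != 1 or vlans[0] not in plan.yellow:
            errors.append(f"group {group!r} must map to one configured Yellow VLAN")
    return errors


def place(plan, group, is_voip=False, authenticated=False, integrity_ok=False):
    """Return (role, vlan_id) for a client under the default flow."""
    if is_voip:            # VoIP is placed without SNAS authentication
        return ("voip", plan.voip[0])
    if not authenticated:  # assumption: an unauthenticated client stays in Red
        return ("red", plan.red[0])
    if not integrity_ok:   # failed host integrity check -> remediation VLAN
        return ("yellow", plan.group_yellow[group][0])
    return ("green", plan.group_green[group])


# Constructed sample plan; the IDs and group names are illustrative only.
PLAN = DevicePlan(red=[110], yellow=[120, 121], green=[130, 131], voip=[140],
                  group_yellow={"staff": [120], "guest": [121]},
                  group_green={"staff": 130, "guest": 131})
```

Running `validate` on a plan before deployment catches a group mapped to two Yellow VLANs or a device with a missing Red VLAN, either of which would leave the initial or remediation placement ambiguous.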
The default filters can be modified to accommodate network requirements,
such as Quality of Service (QoS) or specific workstation boot processes
and network communications.
For information about configuring VLANs and filters on the network access
devices, see Release Notes for Nortel Ethernet Routing Switch 5500
Series, Software Release 5.0.1, or Release Notes for the Ethernet Routing
Switch 8300, Software Release 2.2.8.
To configure the Nortel SNAS for VLANs and filters enforcement, see
“Configuring groups” (page 156), enftype.
Filters only
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks.