Fixed Switch Configuration Guide 16-1
16
Configuring Policy
This chapter provides an overview of Enterasys policy operation, describes policy terminology,
and explains how to configure policy on Fixed Switch platforms using the CLI. However,
Enterasys Networks strongly recommends that you use NetSight Policy Manager, not CLI
commands, to configure policy in your network.
Using Policy in Your Network
Policy is a component of Secure Networks that provides for the configuration of role-based
profiles for securing and provisioning network resources based upon the role the user or device
plays within the enterprise. By first defining the user or device role, network resources can be
tailored to a specific user, system, service, or port-based context by configuring and assigning
rules to the policy role. On the Fixed Switches, a policy role can be configured for any combination
of Class of Service, VLAN assignment, or default behavior based upon L2, L3, and L4 packet
fields.
The three primary benefits of using Enterasys Secure Networks policy in your network are
provisioning and control of network resources, security, and centralized operational efficiency
using the Enterasys NetSight Policy Manager.
Policy provides for the provisioning and control of network resources by creating policy roles that
allow you to determine network provisioning and control at the appropriate network layer, for a
given user or device. With a role defined, rules can be created based upon traffic classification
types for traffic drop or forwarding. A Class of Service (CoS) can be associated with each role for
purposes of setting priority, flood control, and rate limiting.
Security can be enhanced by allowing only intended users and devices access to network
protocols and capabilities. Some examples are:
• Ensuring that only approved stations can use SNMP, preventing unauthorized stations from
viewing, reading, and writing network management information.
• Preventing edge clients from spoofing network services that are appropriately restricted to
data centers and managed by the enterprise IT organization — services such as DHCP and
DNS.
For information about... Refer to page...
Using Policy in Your Network 16-1
Policy Configuration Overview 16-2
Configuring Policy 16-9
Policy Configuration Example 16-12
Terms and Definitions 16-18
To Next Page
Loading...
Need help?
General