Policy Configuration Overview
16-2 Configuring Policy
• Identifying and restricting routing to legitimate routing IP addresses to prevent DoS,
spoofing, data integrity and other routing related security issues.
• Ensuring that FTP/TFTP file transfers and firmware upgrades only originate from authorized
file and configuration management servers.
• Preventing clients from using legacy protocols such as IPX, Apple Talk, and DECnet that
should no longer be running on your network.
Enterasys NetSight Policy Manager provides a centralized point and click configuration, and one
click pushing of defined policies out to all network elements. Use the Enterasys NetSight Policy
Manager for ease of initial configuration and faster response to security and provisioning issues
that may come up during real-time network operation.
Standard and Enhanced Policy on Enterasys Platforms
There are two sets of policy capabilities supported on Enterasys switching platforms. Standard
policy represents the base policy features supported on all Enterasys platforms. Enhanced policy
is an additional set of policy capabilities supported only on the modular switch platforms which
use custom switches ASICs designed by Enterasys. These modular switches include the N-Series,
S-Series, and K-Series product lines.
The Fixed Switch product lines, which use commercially available switching ASICs, support only
standard policy capabilities. Since this document describes how to configure the Fixed Switch
products, only standard policy capabilities are discussed.
For information about enhanced policy capabilities, refer to the NetSight Policy Manager online
help, the Configuring Policy Feature Guide, or the modular switch Configuration Guides.
Implementing Policy
To implement policy:
• Identify the roles of users and devices in your organization that access the network
• Create a policy role for each identified user role
• Associate classification rules with each policy role
• Optionally, configure class of service and associate it directly with policy profiles and/or rules
• Apply policies, either statically or dynamically
Policy Configuration Overview
This section provides an overview of policy configuration. Policy is implemented on an Enterasys
platform by associating users and devices in the network with defined enterprise roles (such as
sales, engineering, or administration) that are configured in a policy role. The policy role is
associated with rules that define how network resources will be provisioned and controlled for
role members, as well as how security will be applied to the role member.
Using the Enterasys NetSight Policy Manager
Enterasys NetSight Policy Manager is a management GUI that automates the definition and
enforcement of network-wide policy profiles and rules. It eliminates the need to configure policies
on a device-by-device basis using complex CLI commands. The Policy Manager’s GUI simplifies
rule and policy role creation. You only define policies once using a point and click GUI— and
To Next Page
Loading...
Need help?
General