3Com DUA1550-0AAA02 Security Camera User Manual


 
CHAPTER 1: INTRODUCTION
Only one pre-defined rule, the Default Rule, is supplied as standard. The
Default Rule is used whenever an authentication finds that a user, group
or computer is not a member of any other rule. Further rules are added
by the Network Administrator to implement the required network
security policies; see “Creating A New Rule” in Chapter 3.
Rule Priority
Each rule has a priority associated with it. The rule with priority 1 has the
highest priority, and will take precedence over all other rules. Whenever a
RADIUS request is authenticated, all associated rules will be found, but
only the rule with the highest priority will be used. No two rules can have
the same priority. It is the network administrator's responsibility to ensure
that each rule has a unique priority.
The Default Rule always has the lowest priority.
Network Access Setting
A rule defines the Network Access as either:
Allow - The authentication is valid, or
Deny - The authentication is refused
If the Network Access for a rule is set to Allow, and the rule is selected,
then the RADIUS response will be Accept and will contain the VLAN and
QoS profile associated with the rule. If the Network Access for a rule is set
to Deny, and the rule is selected, then the RADIUS response will be Reject.
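The rule selection described under Rule Priority and Network Access Setting can be modelled as follows. This is an added example, not code from 3Com Network Access Manager; the rule names, VLAN and QoS profile names, identity strings and the Default Rule being set to Deny are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                     # 1 is the highest priority
    allow: bool                       # Network Access: True = Allow, False = Deny
    vlan: str = ""                    # constructed profile names
    qos: str = ""
    members: frozenset = frozenset()  # users, groups or computers tied to the rule

def check_unique_priorities(rules):
    """Refuse a rule set in which two rules share a priority."""
    seen = {}
    for rule in rules:
        if rule.priority in seen:
            raise ValueError(f"{rule.name!r} and {seen[rule.priority]!r} "
                             f"share priority {rule.priority}")
        seen[rule.priority] = rule.name

def select_rule(identities, rules, default_rule):
    """Find every rule associated with the request; keep the highest priority."""
    matches = [r for r in rules if r.members & identities]
    return min(matches, key=lambda r: r.priority) if matches else default_rule

def radius_response(identities, rules, default_rule):
    """Return the modelled RADIUS response for one authenticated request."""
    check_unique_priorities(rules)
    rule = select_rule(frozenset(identities), rules, default_rule)
    if rule.allow:
        return {"code": "Accept", "rule": rule.name, "vlan": rule.vlan, "qos": rule.qos}
    return {"code": "Reject", "rule": rule.name}

# Constructed sample rule set (not from the manual).
# Assumption: the Default Rule is set to Deny and is modelled outside the list,
# so it is only used when no other rule matches.
DEFAULT_RULE = Rule("Default Rule", priority=10**6, allow=False)
RULES = [
    Rule("Disabled", 1, False, members=frozenset({"group:disabled"})),
    Rule("Contractors", 2, True, "vlan-guest", "qos-low", frozenset({"group:contractors"})),
    Rule("Staff", 3, True, "vlan-corp", "qos-normal", frozenset({"group:staff"})),
]

if __name__ == "__main__":
    for ids in ({"user:alice", "group:staff", "group:disabled"},
                {"user:bob", "group:staff", "group:contractors"},
                {"computer:kiosk7"}):
        print(sorted(ids), "->", radius_response(ids, RULES, DEFAULT_RULE))
```

A user who belongs to both an Allow rule and a higher-priority Deny rule is rejected, which is why the priority order needs review whenever a rule is added.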
To understand the effect that the Network Access setting has in a
network, the Network Administrator needs to be aware of how the edge
port security has been set up. In some port modes, the setting may
appear counter-intuitive; for example, Allow can be used to implement a
blacklist. For more information on edge port security modes, see
“Configuring Edge Port Security”.
RADIUS Authentication and Authorization
Authentication/authorization DLLs for IAS are provided as part of the
3Com Network Access Manager installation. The Authentication DLL is
used to verify the identity of the user or computer being authenticated
through 3Com Network Access Manager. The Authorization DLL is
responsible for sending the RADIUS response for a user or computer that
is recognized by 3Com Network Access Manager.