3Com DUA1550-0AAA02 Security Camera User Manual


 
Case Study 2 - Restricting Network Access To Known Computers
This case study describes the tasks that need to be performed in order to
restrict network access to known computers, using MAC-address based
authentication.
It is an example of a “block-by-default”, or white-list, mode, where a
device must be listed in the RADIUS server before it is allowed access
to the network. This mode relies solely on authenticating the MAC
address of each attached device. Non-user devices (for example printers
and servers) can still connect to the network, while the network blocks
rogue devices, such as unknown wireless access devices. This mode does
not require user authentication and hence does not provide any network
protection against unauthorized user login.
Network Administrator Tasks
The following provides an overview of the tasks for a network
administrator responsible for the domain on the network.
1 Ensure edge port security is set to MAC-address based authentication (or
RADA) on edge ports in the domain.
Edge ports are called ‘access ports’ on the Switch 5500.
Using 3Com Network Access Manager:
2 Select the Default Rule and set the Network Access to Deny, see
“Changing Rule Properties” in Chapter 3.
3 Create an Authorized Computers rule which will allow network access,
see “Creating A New Rule” in Chapter 3.
a Set security permissions for the rule. Grant READ and WRITE access to
the users/groups permitted to apply the rule. Grant READ access to all
Network Administrators in the domain to ensure they can see that the
rule exists even if they are not permitted to apply the rule.
b Set the Actions for the rule: select the rule priority and set Network
Access to Allow. If appropriate, select the VLAN, QoS profile and EFW
policy for the rule.
4 Enter the MAC addresses for all devices in the domain. For information
on entering MAC addresses, see “Entering MAC Addresses For A
Computer”.
5 Create a new group which will hold the computers that are allowed
access, see “Creating A New Group” in Chapter 3.
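The decision these steps set up can be modelled in a few lines. The sketch below is an added example, not 3Com Network Access Manager code: it normalizes MAC addresses written in different notations, applies an Authorized Computers rule to a group of known computers, and falls back to a Default Rule set to Deny. The group name, VLAN number, MAC addresses and the "lower priority number wins" ordering are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

def normalize_mac(raw):
    """Strip common separators; return 12 lowercase hex digits or None."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

@dataclass
class Rule:
    name: str
    access: str                      # "Allow" or "Deny"
    priority: int                    # assumption: lower number is evaluated first
    groups: set = field(default_factory=set)
    vlan: Optional[int] = None

# The Default Rule matches everything and denies: block-by-default.
DEFAULT_RULE = Rule("Default Rule", "Deny", priority=10**6)

def build_inventory(entries):
    """Map normalized MAC -> group, rejecting typos at entry time."""
    inventory = {}
    for raw, group in entries:
        mac = normalize_mac(raw)
        if mac is None:
            raise ValueError(f"malformed MAC address: {raw!r}")
        inventory[mac] = group
    return inventory

def decide(raw_mac, inventory, rules):
    """Return (access, rule name, vlan) for a MAC presented at an edge port."""
    mac = normalize_mac(raw_mac)
    group = inventory.get(mac) if mac else None
    matching = [r for r in rules if group is not None and group in r.groups]
    rule = min(matching, key=lambda r: r.priority, default=DEFAULT_RULE)
    return rule.access, rule.name, rule.vlan

# Constructed sample data: group name, VLAN and MAC addresses are made up.
RULES = [Rule("Authorized Computers", "Allow", priority=1,
              groups={"Known Computers"}, vlan=20)]
INVENTORY = build_inventory([
    ("00:1A:2B:3C:4D:5E", "Known Computers"),   # workstation
    ("001a-2b3c-4d5f", "Known Computers"),      # printer, different notation
])

if __name__ == "__main__":
    for seen in ("00-1a-2b-3c-4d-5e", "001a.2b3c.4d5f", "00:1A:2B:3C:4D:60", "n/a"):
        print(seen, "->", decide(seen, INVENTORY, RULES))
```

Normalizing before both storage and lookup matters because a listed device whose address is recorded in a different notation would otherwise fall through to the Default Rule and be denied.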