3Com DUA1550-0AAA02 Security Camera User Manual


 
78 CHAPTER 4: USING 3COM NETWORK ACCESS MANAGER WITHIN A NETWORK
Case Study 3 - Blocking A Specific PC From The Network
This case study describes the tasks that need to be performed in order to
block a specific PC from the network, using MAC-address based
authentication. It is an example of a Blacklist mode in which all devices
are allowed network access unless the device is on the blacklist. This is
useful in very large networks where you just want to block access to
specific PCs.
Network Administrator Tasks
The following provides an overview of the tasks for a network
administrator responsible for the domain on the network.
1 Ensure edge port security is set to MAC-address based authentication on
edge ports in the domain.
Edge ports are called ‘access ports’ on the Switch 5500.
Using 3Com Network Access Manager:
2 Select the Default Rule and set the Network Access to Allow. See
“Changing Rule Properties” in Chapter 3.
3 Create a Blacklist rule which can be used to deny network access to
specific computers.
a Set security permissions for the Blacklist rule. Grant READ and WRITE
access to the users/groups permitted to apply the rule. Grant READ
access to all Network Administrators in the domain to ensure they can
see that the rule exists even if they are not permitted to apply the rule.
b Set the Actions for the rule:
  - Select the rule priority. A Blacklist rule should be assigned a high
    priority to ensure it takes precedence over other rules.
  - Set Network Access for the Blacklist rule to Deny to block network
    access.
4 Ensure the network operators or those individuals responsible for
applying the Blacklist rule have the Network Operator component of
3Com Network Access Manager installed on their PC.
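
The access decision that steps 2 and 3 set up, as an added Python example that is not 3Com's code: a Default Rule of Allow, and a high-priority Blacklist rule of Deny that overrides any other rule applied to the same PC. Assumptions: a larger number means higher priority, and the `Rule` and `RuleTable` names, the "Staff" rule and the MAC addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # assumption: a larger number means higher priority
    access: str     # "Allow" or "Deny"

def normalize_mac(mac: str) -> str:
    """Reduce 00-0A-.., 00:0a:.. and 000a.5e.. notations to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class RuleTable:
    """Hypothetical stand-in for the rule store: maps a MAC to the rules applied to it."""
    def __init__(self, default_rule: Rule):
        self.default_rule = default_rule
        self._applied: dict[str, list[Rule]] = {}

    def apply(self, mac: str, rule: Rule) -> None:
        self._applied.setdefault(normalize_mac(mac), []).append(rule)

    def decide(self, mac: str) -> Rule:
        # The highest-priority rule wins; a device with no rules gets the default.
        candidates = self._applied.get(normalize_mac(mac), []) + [self.default_rule]
        return max(candidates, key=lambda r: r.priority)

def build_case_study_table() -> RuleTable:
    default = Rule("Default Rule", 0, "Allow")     # step 2: default is Allow
    blacklist = Rule("Blacklist", 100, "Deny")     # step 3: high priority, Deny
    staff = Rule("Staff", 10, "Allow")             # hypothetical lower-priority rule
    table = RuleTable(default)
    # Constructed sample MACs (locally administered range).
    table.apply("02:00:00:aa:bb:01", staff)
    table.apply("02:00:00:aa:bb:02", staff)
    table.apply("02-00-00-AA-BB-02", blacklist)    # same PC, entered in another notation
    return table

if __name__ == "__main__":
    t = build_case_study_table()
    for mac in ("0200.00aa.bb01", "02:00:00:AA:BB:02", "02:00:00:aa:bb:03"):
        rule = t.decide(mac)
        print(mac, rule.access, f"({rule.name})")
```

Normalizing the address before lookup matters because the same PC can be entered in hyphen, colon or dotted notation; without it, a blacklist entry in one notation would not match the address as reported in another.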