3Com DUA1550-0AAA02 Security Camera User Manual


 
84 CHAPTER 4: USING 3COM NETWORK ACCESS MANAGER WITHIN A NETWORK
Case Study 5 - Removing Infected Devices From The Network
Combining Auto VLAN with MAC-address based authentication enables
infected PCs to be moved to a separate network, until the network
administrator has removed any viruses or worms.
Network Administrator Tasks
The following provides an overview of the tasks for a network
administrator responsible for the domain on the network.
1 Ensure edge port security is set to MAC-address based authentication (for
example RADA-Else-Network Login) and Auto VLAN is enabled, on edge
ports in the domain.
Edge ports are called ‘access ports’ on the Switch 5500.
Using 3Com Network Access Manager:
2 Select the Default Rule and set the Network Access to Allow (see
“Changing Rule Properties” in Chapter 3).
3 Create VLANs and QoS profiles. Use the same VLAN IDs and QoS profile
IDs as set up in the network access device (switch or wireless access
point), otherwise the network access device may not accept the RADIUS
response.
4 Decide which VLAN will be the Isolation VLAN.
5 Create an Isolation rule.
a Set security permissions for the Isolation rule. Grant READ and WRITE
access to the users/groups permitted to apply the rule. Grant READ
access to all Network Administrators in the domain to ensure they can
see that the rule exists even if they are not permitted to apply the rule.
b Set the Actions for the Isolation rule:
  - select the rule priority; an Isolation rule should have a high priority
    to ensure it takes precedence over other rules,
  - set Network Access to Allow,
  - select the VLAN ID of the Isolation VLAN.
6 Ensure the network operators or those individuals responsible for
applying the rule have the Network Operator component of 3Com
Network Access Manager installed on their PC.
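
The rule precedence from step 5b and the VLAN ID check from step 3 can be modelled as below. This is an added example, not 3Com code: the rule fields, numeric priorities (larger wins), the "Staff" rule, the MAC address, the VLAN IDs and the use of RFC 3580 tunnel attributes to carry the VLAN are all assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

def norm_mac(mac: str) -> str:
    """Canonicalise a MAC so 00-1A-2B-3C-4D-5E and 001a.2b3c.4d5e compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

@dataclass
class Rule:
    name: str
    priority: int                    # assumption: larger number = higher priority
    access: str                      # "Allow" or "Deny"
    vlan_id: Optional[int] = None
    macs: set = field(default_factory=set)   # empty = applies to every device

def resolve(mac: str, rules: list) -> Rule:
    """Return the highest-priority rule that applies to this device."""
    m = norm_mac(mac)
    return max((r for r in rules if not r.macs or m in r.macs), key=lambda r: r.priority)

def radius_reply(rule: Rule) -> dict:
    """Build the reply; VLAN attributes follow the RFC 3580 convention (assumed)."""
    if rule.access != "Allow":
        return {"code": "Access-Reject"}
    reply = {"code": "Access-Accept"}
    if rule.vlan_id is not None:
        reply.update({"Tunnel-Type": 13, "Tunnel-Medium-Type": 6,
                      "Tunnel-Private-Group-ID": str(rule.vlan_id)})
    return reply

def vlan_mismatches(rules: list, switch_vlans: set) -> list:
    """Rules whose VLAN ID is not defined on the network access device."""
    return [r.name for r in rules
            if r.vlan_id is not None and r.vlan_id not in switch_vlans]

# Constructed sample data: VLAN IDs, priorities and MAC address are invented.
SWITCH_VLANS = {1, 10, 99}
INFECTED = "00-1A-2B-3C-4D-5E"
RULES = [
    Rule("Default Rule", 0, "Allow"),
    Rule("Staff", 10, "Allow", 10, {norm_mac(INFECTED)}),
    Rule("Isolation", 100, "Allow", 99, {norm_mac(INFECTED)}),
]

if __name__ == "__main__":
    print(vlan_mismatches(RULES, SWITCH_VLANS), radius_reply(resolve(INFECTED, RULES)))
```

Because the device is listed in both the Staff and Isolation rules, only the higher priority of the Isolation rule places it in the Isolation VLAN.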