User-based security policy
M. Eteum
Guest





Posted: Mon Nov 28, 2005 5:20 pm    Post subject: User-based security policy

To have user-based security policy implemented on the Nortel
switches (Baystacks and Passport 8600), in addition to the Win 2003
IAS (RADIUS) and Win 2003 Certificate Server, is Nortel EPM (Enterprise
Policy Manager) a requirement as well? Or are there alternatives?

Thanks
zev
Guest





Posted: Tue Nov 29, 2005 2:21 am    Post subject: Re: User-based security policy

Yes, the EPM is required. The RADIUS Server will return an attribute
whose value corresponds to a set of filters that will be applied to the
user's port. These filters are stored in the EPM database.
M. Eteum
Guest





Posted: Wed Nov 30, 2005 3:50 am    Post subject: Re: User-based security policy

zev wrote:
Yes, the EPM is required. The RADIUS Server will return an attribute
whose value corresponds to a set of filters that will be applied to the
user's port. These filters are stored in the EPM database.


Is there any alternative to the Nortel EPM? Specifically, an EPM that
utilizes Microsoft Active Directory/LDAP where Nortel EPM uses iPlanet
Directory Server.

Also, how would I find out what information the Microsoft IAS/RADIUS
server can return to the RADIUS client (e.g. Nortel Baystack 470) and what
information the switch (e.g. Nortel Baystack 470) can accept from the
RADIUS server?

Thanks
Vman
Guest





Posted: Thu Dec 01, 2005 4:39 am    Post subject: Re: User-based security policy

There is no alternative to the EPM. The RADIUS Server will return a
Group Id attribute, as well as VLAN Id and QoS level. (Note that all of
these attributes are optional. In this case, if you are using UBP, then
you need the Group Id.) On the EPM you would define the Group Id, which
would map to a set of filters that are applied to the edge switch.

Note that Nortel has a new solution called Secure Network Access which
authenticates and verifies the integrity of hosts before allowing them
onto the network with requiring any special client on the host system.
There are a lot of details that I'm leaving out, but you may want to ask
Nortel about it since you are interested in this topic.
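On the question of what the RADIUS server actually returns to the switch, one way to check is to decode a captured Access-Accept and list its attributes after verifying the Response Authenticator. The following is an added example, not part of any post in this thread and not Nortel or Microsoft code. The thread does not say which attribute numbers carry the Group Id, VLAN Id or QoS level, so the sample assumes RFC 3580-style tunnel attributes for the VLAN and a generic Vendor-Specific attribute for the group; the packet, shared secret, vendor id 99999 and the "engineering" value are constructed.

```python
import hashlib, hmac, struct

# Names from RFC 2865 / RFC 2868. Which attributes a given switch honours
# comes from vendor documentation and is not stated in the thread.
NAMES = {11: "Filter-Id", 64: "Tunnel-Type", 65: "Tunnel-Medium-Type",
         81: "Tunnel-Private-Group-ID"}

def tlvs(buf):
    """Split a RADIUS attribute area into (type, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return out

def reply_is_authentic(pkt, request_auth, secret):
    """RFC 2865 Response Authenticator: MD5(code+id+len+ReqAuth+attrs+secret)."""
    length = struct.unpack("!H", pkt[2:4])[0]
    want = hashlib.md5(pkt[:4] + request_auth + pkt[20:length] + secret).digest()
    return hmac.compare_digest(want, pkt[4:20])

def decode_reply(pkt):
    """Return (code, attributes) with Vendor-Specific (26) values unpacked."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad length field")
    attrs = []
    for typ, val in tlvs(pkt[20:length]):
        if typ == 26 and len(val) >= 4:
            vendor = struct.unpack("!I", val[:4])[0]
            attrs.append(("Vendor-Specific", vendor, tlvs(val[4:])))
        else:
            attrs.append((NAMES.get(typ, typ), val))
    return code, attrs

def build_sample(request_auth, secret):
    """Constructed Access-Accept (code 2); vendor id 99999 and values are made up."""
    tlv = lambda t, v: bytes([t, len(v) + 2]) + v
    body = (tlv(64, b"\x00\x00\x00\x0d") + tlv(65, b"\x00\x00\x00\x06") +  # VLAN, IEEE-802
            tlv(81, b"20") +                                               # assumed VLAN id
            tlv(26, struct.pack("!I", 99999) + tlv(1, b"engineering")))    # assumed group id
    head = struct.pack("!BBH", 2, 1, 20 + len(body))
    auth = hashlib.md5(head + request_auth + body + secret).digest()
    return head + auth + body
```

Attributes from a reply that fails `reply_is_authentic` should not be trusted, since they decide which VLAN and filter set the port receives.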
All times are GMT