Using Policy in Your Network

Policy is a component of Secure Networks that provides for the configuration of role-based profiles for securing and provisioning network resources based upon the role the user or device plays within the enterprise. By first defining the user or device role, network resources can be granularly tailored to a specific user, system, service, or port-based context by configuring and assigning rules to the policy role. A policy role can be configured for any combination of Class of Service, VLAN assignment, classification rule precedence, logging, accounting, or default behavior based upon L2, L3, and L4 packet fields. Hybrid authentication allows either policy or dynamic VLAN assignment, or both, to be applied through RADIUS authorization.

The three primary benefits of using Extreme Networks Secure Networks policy in your network are provisioning and control of network resources, security, and centralized operational efficiency using the Extreme Networks NetSight Policy Manager.

Policy provides for the provisioning and control of network resources by creating policy roles that allow you to determine network provisioning and control at the appropriate network layer, for a given user or device. With a role defined, rules for dropping or forwarding traffic can be created based on up to 29 traffic classification types on S- and K-Series platforms, and on up to 15 traffic classification types on the 7100-Series platform. On the 7100-Series platform, classification support is determined by the configured system resource allocation profile. A Class of Service (CoS) can be associated with each role for purposes of setting priority, forwarding queue, rate limiting, and rate shaping.

Security can be enhanced by allowing only intended users and devices access to network protocols and capabilities. Some examples are:

  • Ensuring that only approved stations can use SNMP, preventing unauthorized stations from viewing, reading, and writing network management information
  • Preventing edge clients from attaching network services, such as DHCP and DNS services, that are appropriately restricted to data centers and managed by the enterprise IT organization
  • Identifying and restricting routing to legitimate routing IP addresses to prevent DoS, spoofing, data integrity, and other routing-related security issues
  • Ensuring that FTP/TFTP file transfers and firmware upgrades only originate from authorized file and configuration management servers
  • Preventing clients from using legacy protocols such as IPX, AppleTalk, and DECnet that should no longer be running on your network
  • On the S- and K-Series, using HTTP redirection to force a client's web browser to be redirected to a particular administrative web page
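
The following added example (not Extreme Networks code or CLI syntax) models how a role assigned to edge clients could combine L2, L3, and L4 classification rules to enforce three of the restrictions listed above. The role name, the first-match rule order, the port numbers chosen as match criteria, and the 192.0.2.10 management address are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed value: placeholder address of an approved management station.
APPROVED_SNMP_STATIONS = {ip_address("192.0.2.10")}
# EtherTypes of the legacy protocols named in the list above.
LEGACY_ETHERTYPES = {0x8137: "IPX", 0x809B: "AppleTalk", 0x6003: "DECnet"}
IPV4, TCP, UDP = 0x0800, 6, 17


@dataclass(frozen=True)
class Packet:
    ethertype: int
    src_ip: str = "0.0.0.0"
    dst_ip: str = "0.0.0.0"
    proto: int = 0
    src_port: int = 0
    dst_port: int = 0


def edge_role(pkt):
    """Return (action, reason) for a packet received from an edge client.

    Rules are checked in order and the first match wins (an assumption of
    this model, not the switch's documented precedence).
    """
    # L2 rule: legacy protocols are dropped on EtherType alone.
    if pkt.ethertype in LEGACY_ETHERTYPES:
        return "drop", "legacy protocol " + LEGACY_ETHERTYPES[pkt.ethertype]
    if pkt.ethertype != IPV4:
        return "forward", "role default"
    # L4 rules: a server-side *source* port means the client is offering
    # the service, not consuming it.
    if pkt.proto == UDP and pkt.src_port == 67:
        return "drop", "DHCP server reply from edge client"
    if pkt.proto in (TCP, UDP) and pkt.src_port == 53:
        return "drop", "DNS server reply from edge client"
    # L3 + L4 rule: SNMP requests only from approved stations.
    if pkt.proto == UDP and pkt.dst_port == 161:
        if ip_address(pkt.src_ip) not in APPROVED_SNMP_STATIONS:
            return "drop", "SNMP from unapproved station"
    return "forward", "role default"


def action(pkt):
    """Convenience wrapper returning only the action string."""
    return edge_role(pkt)[0]
```

Normal client behavior (a DHCP request from port 68, a DNS query to port 53) falls through to the role default, so the role blocks only the service side of each protocol.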

Extreme Networks NetSight Policy Manager provides centralized point-and-click configuration and one-click pushing of defined policy out to all network elements. Use the Extreme Networks NetSight Policy Manager for ease of initial configuration and for responding to security and provisioning issues that may come up during real-time network operation.