Policy is a component of Secure Networks that provides for the configuration of role-based profiles for securing and provisioning network resources based upon the role the user or device plays within the enterprise. By first defining the user or device role, network resources can be granularly tailored to a specific user, system, service, or port-based context by configuring and assigning rules to the policy role. A policy role can be configured for any combination of Class of Service, VLAN assignment, classification rule precedence, logging, accounting, or default behavior based upon L2, L3, and L4 packet fields. Hybrid authentication allows either policy or dynamic VLAN assignment, or both, to be applied through RADIUS authorization.
The three primary benefits of using Extreme Networks Secure Networks policy in your network are provisioning and control of network resources, security, and centralized operational efficiency using the Extreme Networks NetSight Policy Manager.
Policy provides for the provisioning and control of network resources by creating policy roles that allow you to determine network provisioning and control at the appropriate network layer, for a given user or device. With a role defined, rules can be created on S- and K-Series platforms based upon up to 29 traffic classification types and on the 7100-Series platform upon up to 15 traffic classification types for traffic drop or forwarding. On the 7100-Series platform, classification support is determined by the system resource allocation profile configured. A Class of Service (CoS) can be associated with each role for purposes of setting priority, forwarding queue, rate limiting, and rate shaping.
Security can be enhanced by allowing only intended users and devices access to network protocols and capabilities. Some examples are:
Extreme Networks NetSight Policy Manager provides a centralized point and click configuration, and one click pushing of defined policy out to all network elements. Use the Extreme Networks NetSight Policy Manager for ease of initial configuration and response to security and provisioning issues that may come up during real-time network operation.