Manualshelf

User Guide

ManualsBrandsNortel Networks ManualsOther4050
191192193194195196197198199200
Chapter 5 Configuring groups and profiles 195
Nortel Secure Network Access Switch 4050 User Guide
Extended profiles
Passing or failing the SRS rule check is the only authorization control provided at
the group level. This is the base profile. In future releases of the Nortel
SNAS 4050 software, extended profiles will provide a mechanism to achieve
more granular authorization control, based on specific characteristics of the user's
connection. You can define up to 63 extended profiles for each group.
In Nortel Secure Network Access Switch Software Release 1.0, the data for an
extended profile include the following configurable parameters:
linksets
the VLAN which the user is authorized to access
Each extended profile references a client filter in a one-to-one relationship. With
Nortel Secure Network Access Switch Software Release 1.0, you can configure
the TunnelGuard check result as the criterion for the client filters, in order to
establish the user’s security status.
The client filter referenced in the extended profile determines whether the
extended profile data will be applied to the user. After the user has been
authenticated and the TunnelGuard host integrity check has been conducted, the
Nortel SNAS 4050 checks the group’s extended profiles in sequence, in order of
the profile IDs, for a match between the client filter conditions and the user’s
security status. When it finds a match, the Nortel SNAS 4050 applies that
particular extended profile’s data to the user. Data defined for the base profile (for
example, linksets) are appended to the extended profile’s data. If the Nortel
SNAS 4050 finds no match in any of the extended profiles, it applies the base
profile data.
For information about configuring client filters, see “Configuring client filters
using the CLI” on page 201 or “Configuring client filters using the SREM” on
page 213.
For information about configuring extended profiles, see “Configuring extended
profiles using the CLI” on page 203 or “Configuring extended profiles using the
SREM” on page 219.