User Guide
Chapter 1 Overview 35
Nortel Secure Network Access Switch 4050 User Guide
• VoIP — automatic access for VoIP traffic. The network access device places
VoIP calls in a VoIP VLAN without submitting them to the Nortel
SNAS 4050 authentication and authorization process.
When a client attempts to connect to the network, the network access device
places the client in its Red VLAN. The Nortel SNAS 4050 authenticates the client
and then downloads a TunnelGuard applet to check the integrity of the client host.
If the integrity check fails, the Nortel SNAS 4050 instructs the network access
device to move the client to a Yellow VLAN, with its associated filter. If the
integrity check succeeds, the Nortel SNAS 4050 instructs the network access
device to move the client to a Green VLAN, with its associated filter. The network
access device applies the filters when it changes the port membership.
The VoIP filters allow IP Phone traffic into one of the preconfigured VoIP VLANs
for VoIP communication only.
The default filters can be modified to accommodate network requirements, such
as Quality of Service (QoS) or specific workstation boot processes and network
communications.
For information about configuring VLANs and filters on the network access
device, see Release Notes for Nortel Ethernet Routing Switch 5500 Series,
Software Release 4.3 (217468-B) or Release Notes for the Ethernet Routing
Switch 8300, Software Release 2.2.8 (316811-E).
Groups and profiles
Users are organized in groups. Group membership determines:
• user access rights
Within the group, extended profiles further refine access rights depending on
the outcome of the TunnelGuard checks.
• number of sessions allowed
• the TunnelGuard SRS rule to be applied
• what displays on the portal page after the user has been authenticated
For information about configuring groups and extended profiles on the Nortel
SNAS 4050, see “Configuring groups and profiles” on page 191.