User Guide

Standards Compatibility

1-6 Introduction

TheSecureNetworksPolicyArchitectureconsistsof3components:ClassificationRules,

NetworkServices,andBehavioralProfiles.Thesearedefinedasfollows:

• ClassificationRulesdeterminehowspecifictrafficflows(identifiedbyLayer2,Layer

3,andLayer4informationinthedatapacket)aretreatedbyeachSwitchorRouter.In

general,

ClassificationRulesareappliedtothenetworkinginfrastructureatthe

networkedge/ingresspoint.

•NetworkServicesarelogicalgroupsofClassificationRules thatidentifyspecific

networkedapplicationsorservices.Usersmaybepermittedordeniedaccesstothese

servicesbasedontheirrolewithintheorganization.Priorityandbandwidthrate

limitingmay

alsobecontrolledusingNetworkServices.

•BehavioralProfiles(orroles)areusedtoassignNetworkServicestogroupsofusers

whosharecommonneeds–forexampleExecutiveManagers,HumanResources

Personnel,orGuestUsers.Access,resources,andsecurityrestrictionsareappliedas

appropriatetoeachBehavioralProfile.Avarietyofauthentication

methodsincluding

802.1X,EAP‐TLS,EAP‐TTLS,andPEAPmaybeusedtoclassifyandauthorizeeach

individualuser;andtheITAdministratormayalsodefineaBehavioralProfileto

applyintheabsenceofanauthenticationframework.

Standards Compatibility

TheDFE moduleisfullycomplia ntwiththeIEEE802.3‐2002,802.3ae‐2002,802.3af‐2003,

802.1D‐1998,and802.1Q‐1998standards.TheDFE‐GoldmoduleprovidesIEEE

802.1D‐1998SpanningTreeAlgorithm(STA)supporttoenhancetheoverallreliabilityof

thenetworkandprotectagainst“loop”conditions.

LANVIEW Diagnostic LEDs

LANVIEWdiagnosticLEDsserveasanimportanttroubleshootingaidbyprovidingan

easywaytoobservethestatusofindividualportsandoverallnetworkoperations.