User Guide
Standards Compatibility
1-6 Introduction
TheSecureNetworksPolicyArchitectureconsistsof3components:ClassificationRules,
NetworkServices,andBehavioralProfiles.Thesearedefinedasfollows:
• ClassificationRulesdeterminehowspecifictrafficflows(identifiedbyLayer2,Layer
3,andLayer4informationinthedatapacket)aretreatedbyeachSwitchorRouter.In
general,
ClassificationRulesareappliedtothenetworkinginfrastructureatthe
networkedge/ingresspoint.
•NetworkServicesarelogicalgroupsofClassificationRules thatidentifyspecific
networkedapplicationsorservices.Usersmaybepermittedordeniedaccesstothese
servicesbasedontheirrolewithintheorganization.Priorityandbandwidthrate
limitingmay
alsobecontrolledusingNetworkServices.
•BehavioralProfiles(orroles)areusedtoassignNetworkServicestogroupsofusers
whosharecommonneeds–forexampleExecutiveManagers,HumanResources
Personnel,orGuestUsers.Access,resources,andsecurityrestrictionsareappliedas
appropriatetoeachBehavioralProfile.Avarietyofauthentication
methodsincluding
802.1X,EAP‐TLS,EAP‐TTLS,andPEAPmaybeusedtoclassifyandauthorizeeach
individualuser;andtheITAdministratormayalsodefineaBehavioralProfileto
applyintheabsenceofanauthenticationframework.
Standards Compatibility
TheDFE moduleisfullycomplia ntwiththeIEEE802.3‐2002,802.3ae‐2002,802.3af‐2003,
802.1D‐1998,and802.1Q‐1998standards.TheDFE‐GoldmoduleprovidesIEEE
802.1D‐1998SpanningTreeAlgorithm(STA)supporttoenhancetheoverallreliabilityof
thenetworkandprotectagainst“loop”conditions.
LANVIEW Diagnostic LEDs
LANVIEWdiagnosticLEDsserveasanimportanttroubleshootingaidbyprovidingan
easywaytoobservethestatusofindividualportsandoverallnetworkoperations.