3com DUA1550-0AAA02 User Manual

Page of 136
3Com Network Access Manager Overview
11
authorized computers or users that represent a security threat to the 
network. For example, a PC infected with a virus or a worm, or a user 
launching a DoS attack on the network. Further examples of how 3Com 
Network Access Manager can be used to improve the security on a 
network are given in chapter 4.
In addition, 3Com Network Access Manager provides facilities for the 
configuration of Active Directory based information for use by a 3Com 
EFW Policy Server, see “3Com EFW Policy Support”.
3Com Network
Access Manager User
Interfaces
3Com Network Access Manager provides two interfaces: an 
Administration interface and an Operator interface, see Figure 1.
The Administration interface is a Microsoft Management Console (MMC) 
snap-in that enables the user to quickly configure Active Directory/IAS to 
provide user and device authentication, with VLAN and QoS 
configuration. It is an extension of the existing Active Directory database 
so the list of users, groups and computers already set up in Active 
Directory are used to authenticate users. The administrator can also 
configure a safe network, to isolate PCs identified as being infected with 
a virus or worm.
The Operator interface is a simple extension to the current Active 
Directory Users and Computers interface, through the addition of an 
extra tab added to the Properties pages for users and computers. This 
allows non IT staff, granted with appropriate permissions, to apply rules 
that have already been setup by the network administrator. 
Users of 3Com
Network Access
Manager
The 3Com Network Access Manager interfaces enables two different 
types of users to control and apply rules on a network: Network 
Administrators and Network Operators. This enables network 
administrators to delegate much of the day-to-day routine of 
administering network access to non technical staff.
Network Administrators
3Com Network Access Manager assumes network administrators are 
responsible for:
setting up the RADIUS server and edge-port security, including the 
VLAN, QoS profiles and EFW policies across the network, 
creating the user group structure within Active Directory,