Nortel Networks 4050 User Manual

Chapter 5 Configuring groups and profiles 195
Nortel Secure Network Access Switch 4050 User Guide
 
Extended profiles
Passing or failing the SRS rule check is the only authorization control provided at 
the group level. This is the base profile. In future releases of the Nortel 
SNAS 4050 software, extended profiles will provide a mechanism to achieve 
more granular authorization control, based on specific characteristics of the user's 
connection. You can define up to 63 extended profiles for each group.
In Nortel Secure Network Access Switch Software Release 1.0, the data for an 
extended profile include the following configurable parameters:
• linksets
• the VLAN which the user is authorized to access
Each extended profile references a client filter in a one-to-one relationship. With 
Nortel Secure Network Access Switch Software Release 1.0, you can configure 
the TunnelGuard check result as the criterion for the client filters, in order to 
establish the user’s security status.
The client filter referenced in the extended profile determines whether the 
extended profile data will be applied to the user. After the user has been 
authenticated and the TunnelGuard host integrity check has been conducted, the 
Nortel SNAS 4050 checks the group’s extended profiles in sequence, in order of 
the profile IDs, for a match between the client filter conditions and the user’s 
security status. When it finds a match, the Nortel SNAS 4050 applies that 
particular extended profile’s data to the user. Data defined for the base profile (for 
example, linksets) are appended to the extended profile’s data. If the Nortel 
SNAS 4050 finds no match in any of the extended profiles, it applies the base 
profile data.
For information about configuring client filters, see 
For information about configuring extended profiles, see 
.