3com DUA1550-0AAA02 Manuel D’Utilisation

This case study describes the tasks that need to be performed in order to 
set up hot desking with the ability to filter out specific hosts. This 
configuration allows infected PCs to be isolated regardless of where the 
user has connected to the network in a hot desking office environment. 
The method combines MAC-address based authentication with IEEE 
802.1X authentication and Auto VLAN.

The following provides an overview of the tasks for a network 
administrator responsible for the domain on the network.

1 Ensure edge port security is set to MAC-address based authentication (or 

RADA) And IEEE 802.1X, and Auto VLAN is enabled. 

Using 3Com Network Access Manager:

2 Create VLANs and QoS profiles. Use the same VLAN IDs and QoS profile 

IDs as set up in the network access device (switch or wireless access 
point), otherwise the network access device may not accept the RADIUS 
response.

3 Decide which VLAN will be the Isolation VLAN.

4 Create an Isolation rule. 

a Set security permissions for the Isolation rule. Grant READ and WRITE 

access to the users/groups permitted to apply the rule, grant READ 
access to all Network Administrators in the domain to ensure they can 
see that the rule exists even if they are not permitted to apply the rule.

b Set the Actions for the Isolation rule: 

■

select the rule priority, an Isolation rule should have a high priority 
to ensure it takes precedence over other rules,

■

set Network Access to Allow,

select the VLAN ID of the Isolation VLAN.

5 Ensure the network operators or those individuals responsible for 

applying the rules have the Network Operator component of 3Com 
Network Access Manager installed on their PC.