Instruction/ maintenance manual of the product DUA1550-0AAA02 3Com
Go to page of 136
http://www.3com.com/ Part No. DUA1550-0AAA02 Published Dec ember 2005 3Com Network Access Manager User Guide V ersion 1.1.
3Com Corporati on 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2 005, 3Com Corporatio n. All rights reserved . No part of this documen tatio n may be repro duced in any form or by any means or used to make any derivative work (such as tran slation, transformation , or adaptation) without writt en permission fr om 3Com Corporation.
C ONTENTS A BOUT T HIS G UIDE Naming Conventions 7 Screen Shots 7 Conventions 8 Related Documentat ion 8 1 I NTRODUCTION 3Com Network A ccess Manager Overview 9 3Com Network Access Man ager User Inter.
4 2 I NSTALLING 3C OM N ETWORK A CCESS M ANAGER System R equir ements 21 Before Installation 23 Installing 3Com Network Access Manager 24 Overview 24 New Installation 24 Modifying and Repairing An Ins.
5 Associating Rules With A User 54 Displaying And Changing Rule s Associated With A User 56 Creating A New User 56 Groups View 57 Associating Rules With A Group 58 Displaying And Changing Rules Associ.
6 Case Study 4 - Hot Desking 81 Network Administrato r T asks 81 Network Operator T asks 8 2 What Happens When A User Logs In 82 Case Study 5 - Removing Infect ed Devices From The Network 84 Network A.
A BOUT T HIS G UIDE This guide describes how to install and co nfigure the 3Com Network Access Manager . This guide is intended for use by network ad ministrators who are responsible for installing and setting up network equipment, and who ar e already familiar with configuring Mi crosoft’ s Active Dir ectory and IAS RADIUS servers.
8 A BOUT T HIS G UIDE Conventions T able 1 and T able 2 list conventions that are used throughout this guide. Related Documentation In addition to this g uide, each 3C om Networ k Access Mana ger pr ovides on-line help which can be accessed through the application.
1 I NTR ODUCTION This chapter provides: ■ an overview of how 3Com Network Access Manager integrates with Microsoft’ s IAS and Active Dir ectory , ■ an explanation of Rules, Rule Priority and RAD.
10 C HAPTER 1: I NTRODUCTION ■ Moving specific users or computers (e.g. a PC infecte d with a virus) into an isolated network. Figur e 1 illustrates the integration of 3Com Network Access Manager with Microsoft's Internet Authentica tion Service (IAS) and Micr osoft's Active Dir ectory .
3Com Network Access Ma nager Overview 11 authorized computers or users that represent a security thr eat to the network. For example, a PC infected with a virus or a worm, or a user launching a DoS attack on the network. Further examp les of how 3Com Network Access Manager can be used to improve the security on a network are given in chapter 4.
12 C HAPTER 1: I NTRODUCTION and are familiar with MAC addresses and IEEE 802.1X authentication. T ypical tasks for a network admini strator using 3C om Network Access Manager include: ■ editing sec.
3Com Network Access Ma nager Overview 13 3Com EFW Policy Support 3Com Network Access Manager prov ides support for 3Com EFW Policy Server v2.5, which adds the concept of user -based Embedded Firewall (EFW) policies rather than just NIC- based EFW policies.
14 C HAPTER 1: I NTRODUCTION priority rule associated w ith the us er , the EFW Policy fr om that rule is then associated with the user , a ll other associations are r emoved. ■ if a rule priority or group is change d, the corr ect associat ions have to be re-established.
Concepts and Terminology 15 systems. As a RADIUS server , IAS per forms centralized connection authentication, authorizat ion, and accounting for network access servers (desktop switches and wireless access points acting as r adius clients), see Figur e 2.
16 C HAPTER 1: I NTRODUCTION Only one pre-defined rule, the Default Rule, is supplied as standard. The Default Rule is used whenever an authentication finds that a user , group or computer is not a member of an y other rule.
Concepts and Terminology 17 The two forms of RADIUS authentication supported by 3Com Net work Access Manager are: ■ MAC-address based authenticati on, for example RADA (RADIUS Authenticated De vice Access). ■ IEEE 802.1X authentication, also known as dot1X, 802.
18 C HAPTER 1: I NTRODUCTION Authorization Once a user ha s successfully authen ticated, the au thorization process determines which VLANs and QoS to return to the switch , as follows: 1 From the authentication rule selected , if any VLAN has been specified, re turn the VLAN ID in t he RADIUS r esponse.
Devices Supported 19 T able 4 lists suitable edge port security modes an d their typical use within a network.The case stu dies in Chapter 4 explain how these port se curity modes operate to control network access.
20 C HAPTER 1: I NTRODUCTION.
2 I NSTALLING 3C OM N ETWORK A CCESS M ANAGER This chapter covers: ■ the operating systems and required PC configurations that ar e compatible with the 3Com Netw ork Access Manager components, ■ t.
22 C HAPTER 2: I NSTALLING 3C OM N ETWO RK A CCESS M ANAGER T able 6 lists the confi guration requir e ments of PCs that will have 3Com Network Acc ess Manager components installed. .NET Framework v1.1 is included as part of W indows Ser ver 2003. For Windows 2000 and W indows XP Profe ssional, you can check if .
Before Installation 23 Before Installation Y ou must perform the following tasks on yo ur network before installing and setting up 3Com Network Access Manager: 1 Install and configure Micr osoft Inte rn et Authentication Service (IAS), a Install IAS on one or more Windows 2000 servers or W indows 20 03 servers in the network.
24 C HAPTER 2: I NSTALLING 3C OM N ETWO RK A CCESS M ANAGER Installing 3Com Network Access Manager Follow the instructions in this sect ion to install 3Com Network Access Manager .
Installing 3Com Network Access M anager 25 Follow these steps to install the 3Com Network Access Manager components: 1 Insert the 3Com Network Access Mana ger CD in the PC’ s CDROM drive. If Autorun is enabled on the PC, the installation starts automatically and you can skip steps 2 and 3.
26 C HAPTER 2: I NSTALLING 3C OM N ETWO RK A CCESS M ANAGER 5 Select Next , the End User License Agre ement will display , Figure 4. Figure 4 End User Licence Agr eement dialog T o contin ue the installation select I accept the terms of the license agreement , and p ress the Next button.
Installing 3Com Network Access M anager 27 Figure 5 Choose Destination Location 7 On the next dialog, Figure 6, sele ct the 3Com Network Access Manager components to install on the PC. T icked components will be installed. Un-ticked components will not be installed.
28 C HAPTER 2: I NSTALLING 3C OM N ETWO RK A CCESS M ANAGER Figure 6 Component Selection 8 On the next dialog, Figur e 7, select Install to start the installation, or Back to return to the previous dialog.
Installing 3Com Network Access M anager 29 Figure 7 Confirmation of Installation 9 The Installer will check the ha rd disk space available on the PC. If sufficie nt disk space is available, th e installer will install the components selected.
30 C HAPTER 2: I NSTALLING 3C OM N ETWO RK A CCESS M ANAGER Figure 9 Installation Complete With the exception of installin g the Active Directory compon ent, any problems encountered durin g installation will result in an error message being displayed and the installation aborted.
Installing 3Com Network Access M anager 31 4 The splash scr een will display followed by the Maintenance dialog, see Figur e 10. Figure 10 Maintenance dialog 5 Click on the Modify button to change the components installed on the PC. a The Select Components dialog will display .
32 C HAPTER 2: I NSTALLING 3C OM N ETWO RK A CCESS M ANAGER on the Maintenance Complete dial og th at the Active Director y components are already pres ent in Active Directory . This will not affect Active Directory . Figure 11 Maintenance Complete dialog 7 Click Finish to exit the Maintenance program.
Installing 3Com Network Access M anager 33 4 The splash scr een will display followed by the Maintenance dialog, see Figur e 12. Figure 12 Maintenance dialog 5 Click on the Remove button.
34 C HAPTER 2: I NSTALLING 3C OM N ETWO RK A CCESS M ANAGER Figure 13 Maintenance Complete dialog.
3 G ETTING S TARTED This chapter describes: ■ how to configure 3Com Network A ccess Manager afte r installation , using the Network Administrator User Interface, ■ how to configure the User Interface for Netwo rk Operators.
36 C HAPTER 3: G ETTING S TARTED Figure 14 Network Administrator User Interface Decr ease Rule Priority Increa se Rule Priorit y New Rule New QoS Pr ofile New EFW Policy New VLAN Active Di re ctory Domain Recalculate EFW Membersh ip items known to the system in the Details pane The T ree pane.
Using The Network Administrator User Interface 37 Setting Up 3Com Network Access Manager T o config ure 3Com Network Access Manager after installation, follow these steps: Before adding entries for VL.
38 C HAPTER 3: G ETTING S TARTED Figure 15 VLANs View Detail Pane. Crea ting A New VLAN T o create a new VLAN entry in 3Com Network Access Manager , follow these steps: 1 Either click VLANs in the T r.
Using The Network Administrator User Interface 39 Y ou can no w: ■ associate rules with thi s VLAN if the rules hav e alr eady been cr eated, see “Changing Rule Properties”. Deleting An Existing VLAN T o delete an existing VLAN entry in 3Com Network Acc ess Manager , follow these steps: 1 Click on VLANs in the T ree pane.
40 C HAPTER 3: G ETTING S TARTED 4 Click OK This completes changing the ID for an existing VLAN entry in 3Com Network Access Manager . Displaying Rules Associated With A VLAN T o display the rules associated with a VLAN, follow these steps: 1 Click on VLANs in the T ree pane.
Using The Network Administrator User Interface 41 Figure 16 QoS Pr ofiles View Detail Pane Creating A New QoS Pr ofile T o create a new QoS pr ofile entry in 3Com Network Access Manager , follow these.
42 C HAPTER 3: G ETTING S TARTED This completes cr eating a new QoS pr ofile ent ry in 3Com Network Access Manager . Y ou can no w: ■ associate rules with this QoS profil e if the rul es have alr eady been created, see “Changing Rule Properties”.
Using The Network Administrator User Interface 43 The ID should be a str ing of characters that match the ID assigned to the QoS profi le in the ne twork acce ss device (switc h or wireless a ccess point). 4 Click OK or Cancel. This completes changin g the ID for an existing QoS profile entry in 3Com Network Access Manager .
44 C HAPTER 3: G ETTING S TARTED Figure 17 EFW Policies View Detail Pane Creating A New EFW Policy Before cr eating an EFW policy in 3Com Network Access Manager make sure that the EFW policy has already been created in the EFW Policy Server .
Using The Network Administrator User Interface 45 This completes creating a new EFW policy entry in 3Com Network Access Manager . Y ou can no w: ■ associate rules with this EFW policy if the rules have already been created, see “Changing Rule Properties”.
46 C HAPTER 3: G ETTING S TARTED 3 Select the Members tab, a list of rules associat ed with the EFW policy will be displayed in the window . 4 Click OK or Cancel.
Using The Network Administrator User Interface 47 Creating A New Rule T o create a new rule, assign a prio rity and network access response to the rule, follow these steps: 1 Either click Rules in the.
48 C HAPTER 3: G ETTING S TARTED Figure 19 Security T ab For A Rule c Repeat steps 7a and 7b for each group and user permitted to assign the rule. Ta b l e 7 Selecting Appropriate Rule Permissions Rol.
Using The Network Administrator User Interface 49 8 Select the Action tab and configure the action attributes for the rule, Figur e 20. Figure 20 Action T ab For A Rule a Y ou chan ged the Priority setting for the rule in step 5. There is no need to change it again unless y ou need to assign a differ ent unique priority .
50 C HAPTER 3: G ETTING S TARTED T o un derstand the effect of this action, you need to be aware of how t he edge port security is set up on the network. In some port modes, the response may appear illogical, for instance, Allow can be used to implement a blacklist.
Using The Network Administrator User Interface 51 Contro lling Permission T o Apply A Rule Selecting who has permission to apply a rule, is perf ormed when the rule is cr eated. Permissions can be change d after a rule is created, pr oviding the user or group making the change has write permission for the rule.
52 C HAPTER 3: G ETTING S TARTED 4 Click OK . 5 If EFW policies are used, click on th e Recalculate EFW Membersh ip button in the T ool bar after chang ing the rule priorities. Changing Rule Pr operties Selecting the properties for a rule is performed when the ru le is created.
Using The Network Administrator User Interface 53 T o ad d or remove computers associated with a rule, refer to “Displaying And Changing The Rules And MAC Address Associated With A Computer”. Users View Clicking on Users in the T ree pane di splays in the Detail pane a list of Users which already exist in the domain, see Figure 21.
54 C HAPTER 3: G ETTING S TARTED Associating Rules With A User All users in the domain will have th e Default Rule applied until they are associated with other rules created with 3Com Network Access Manager .
Using The Network Administrator User Interface 55 Figure 22 Network Access T ab 4 T ick the box beside each rule that is to be associated with the user . If the rule is grayed out then the user is a member of a group which is alr e ady associated with the rule.
56 C HAPTER 3: G ETTING S TARTED Displaying And Changing Rules Associated With A User T o display and change the rules associated with a user , follow these steps: 1 Either click on Users in the T ree.
Using The Network Administrator User Interface 57 Groups View Clicking on Groups in the T ree pane di splays in the Deta il pa ne a list of Groups which alr eady exist in the do main, see Figur e 23.
58 C HAPTER 3: G ETTING S TARTED Associating Rules With A Group All groups in the domain will have th e Default Rule applied until they ar e associated with other rules created with 3Com Network Access Manager .
Using The Network Administrator User Interface 59 5 Click OK This completes associating rules with a group. Displaying And Changing Rules Associated With A Gr oup T o display and change the rules asso.
60 C HAPTER 3: G ETTING S TARTED DO NOT change rule memb ership using the Memb ers Of tab. Creating A New Gr oup T o create a new group in the system, you will need to use a tool such as the “Active Directory Users and Computers” administration tool.
Using The Network Administrator User Interface 61 Figure 25 Comp uters View Detail P ane Entering MAC Addresses For A Computer T o use MAC-add ress based authentication, the computers in the domain need to have their MAC addr esses entere d into 3Com Network Access Manager .
62 C HAPTER 3: G ETTING S TARTED Associating Rules With A Computer Ensure you have entered the MAC add ress of the computer in your network, before associating rules with the comp uter . 3Com Network Access Manager will only apply a ru le to the computer if the RADIUS request includes the MAC addr ess as the Calling-Station-Id.
Using The Network Administrator User Interface 63 Figure 26 Network Access T ab 4 T ick the box beside each rule that is to be associated with the computer . If the rule is grayed out then the computer is a member of a group which is already associated with the rule.
64 C HAPTER 3: G ETTING S TARTED Displaying And Changing The Rules And MAC Addr ess Associated With A Computer T o display and change the rules a nd MAC addresses associated with a computer , follow t.
Using The Network Administrator User Interface 65 7 Click OK. This completes displaying and cha nging the rules and MAC addresses associated with a computer . Creating A New Compu ter T o add a computer to the system, you will need to use a tool such as the “Active Directory Users and Computers” administration tool.
66 C HAPTER 3: G ETTING S TARTED Using The Operator User Interface Network Operators use th e standard Active Directory Users and Computers interface, accessed from Programs>Administrative T ools>Active Director y Users and Computers .
Using The Operator User Interface 67 Figure 27 Changing Rules Associated With A User T able 11 Rules T ick Box For A User Tick Box Set ting Meaning Black, not ticked The rule does not apply to this us.
68 C HAPTER 3: G ETTING S TARTED 4 Change the rules applied to a user by either ticking or removing the tick from rules that ar e black. T o change a rule that is applied indir ectly through a group, see “Displaying And Changing Rules Associated W ith A Group”.
Using The Operator User Interface 69 Displaying And Changing The Rule Associated With A Computer T o display and change th e rules associated with a computer , follow these steps: 1 Click on Computers in the T ree pane. The Details pane on the right will list all of the compu ters that the Network Operato r can manage.
70 C HAPTER 3: G ETTING S TARTED 4 Y ou can change which of these rules ar e applied to a computer by either ticking or removing the tick from rules that are black. T o chan ge a rule that is applied indirectly thr ough a group, see “Displaying And Changing Rules Associated W ith A Group”.
4 U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK This chapter provides: ■ six case studies on how 3Co m Netw ork Access Manager can be setu p to provide dif fer ent levels of security on a network.
72 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK Case Study 1 - Controlling User Access T o The Network This case study describes the tasks that need to b e performed in order to control user access to the networ k using IEEE 802.
Case Study 1 - Controlling User Access To The Network 73 Network Operator Ta s k s The following provides an overview of the tasks for a network ope rator responsible for contr olling user access to the network domain.
74 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK What Happens When A User Logs In The following takes place when a user conn ects and logs into the network domain. 1 The user’ s PC connects to the network and the user logs in with a username.
Case Study 2 - Restricting Network Access To Known Computers 75 Case Study 2 - Restricting Network Access T o Known Computers This case study describes the tasks that need to b e performed in order to restrict network access to known computers, using MAC-addr ess based authentication.
76 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK 6 Associate the Authorized Computers rule created in step 3 with the group cr eated in step 5. a Highlight the specific group in the Details pane, and right-click. Select Properties .
Case Study 2 - Restricting Network Access To Known Computers 77 5 Click OK and exit the Active Directory Users and Computers interface. On being informed that a specific PC needs to be denied access t.
78 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK Case Study 3 - Blocking A Specific PC From The Network This case study describes the tasks that need to b e performed in order to block a specific PC from the network, using MAC-address based authentication.
Case Study 3 - Blocking A Specific PC From The Network 79 When a PC needs to be blacklisted: 1 Enter the MA C address for the comp uter that needs to be blacklist ed. For information on ent ering MAC addre sses, see “Entering MAC Addr esses For A Computer”in Chapter 3.
80 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK A list of rules that the operator has permission to apply will be displayed. 4 Untick the Blacklist rule applied to the PC. 5 Click OK and exit the Active Directory Users and Computers interface.
Case Study 4 - Hot Desking 81 Case Study 4 - Hot Desking Combining Auto VLAN with IEEE 802.1 X enables users t o login anywhere on the network, and always have acce ss to their network (for example, the Engi neering VLAN, or Market ing VLAN). Th is makes hot -desking viable, as users can change desks a nd still gain access to their network.
82 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK select the VLAN ID, QoS pr ofile and EFW policy (if appropriate) for each rule.
Case Study 4 - Hot Desking 83 a If the user is listed in Active Directory , and the new rule allowing access and assigning VLAN and QoS profile has been applied to the user (or a group that the user is a member of), IAS replies Accept with the VLAN ID and QoS profile for that user .
84 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK Case Study 5 - Removing Infected Devices From The Network Combining Auto VLAN with MAC-a ddr ess based authenticat ion enables infected PCs to be moved to a se parate network, un til the network administrator has removed any viruses or worms.
Case Study 5 - Removing Infected Devices From The Network 85 When a PC needs to be isolated for the first time: 1 Enter the MAC address for the computer that needs to be r emoved from the network. For information on entering MAC addresses, see “Entering MAC Addr esses For A Computer”in Chapter 3.
86 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK What Happens The following takes place when a PC connects to the network. 1 The switch checks the MAC address of the PC with Active Directory . a If the PC is on the Isolation list, IA S replies Accept with the VLAN ID of the Isolation Network.
Case Study 6 - Combining Hot Desking With Host Filtering 87 Case Study 6 - Combining Hot Desking With Host Filtering This case study describes the tasks that need to b e performed in order to set up hot desking with the ability to filter out specific hosts.
88 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK When a PC needs to be isolated for the first time: 1 Enter the MAC address for the computer that needs to be r emoved from the network. For information on entering MAC addresses, see “Entering MAC Addr esses For A Co mputer ”in Chapt er 3.
Case Study 6 - Combining Hot Desking With Host Filtering 89 What Happens When A User Logs In The following takes place when a user conn ects and logs into the network domain.
90 C HAPTER 4: U SING 3C OM N ETWORK A CCESS M ANAGER W ITHIN A N ETWORK.
5 P RO B L E M S OLVING This chapter covers: ■ checking the Windows Event Vi ewer for ob vious pr oblems, ■ resolving pr oblems related to setting up 3Com Network Access Manager .
92 C HAPTER 5: P ROBLEM S OLVING Figure 29 System Event Log Figure 30 3Com Network Access Manager Authorization Lo g.
Checking the Event Viewer 93 Figure 31 Event detail Identifying Where The Problem Lies 3Com Network Access Manager is de pendent on IAS. A problem with 3Com Network Access Manager may be caused by an underlying issue with IAS. If that is the case then it will be IAS that logs an event and not 3Com Network Access Manager .
94 C HAPTER 5: P ROBLEM S OLVING Problems Related to Setting Up This section details possible problem s that you might experience when setting up and using 3Com Network Access Manager . Each problem is described by a symptom, an explanation of t he cause of the problem and a suggestion on what to do to remedy the problem.
Problems Related to Setting Up 95 Clicking on Rules in the Tree pane displays an empty Display pane. Note: After correct installation the Default Rule will alway s be shown in the Display pane Either: The Active Directory component for 3Com Network Access Mana ger has not been installed on an Ac tive Directory serv er in the network domain.
96 C HAPTER 5: P ROBLEM S OLVING . On a PC used by a Network Operator, selecting Active Directory Users and Computers , then right-clicking Users or Computers in the Tree pane and selectin g Properties does not display a Network Access tab The Operator User Interface component has not been inst alled on the Network Operator’s PC.
Problems Related to Setting Up 97 The expected rules for a computer are not applied. The computer’s MAC address has not been entered correctly into 3Com Network Access Manager. Follow the steps in “Entering MAC Addresses For A Com puter” in Chapter 3.
98 C HAPTER 5: P ROBLEM S OLVING The Network Access tab, accessible by right-clicking Users or Groups or Computers in the Tree pane and selecting Properties does not show the actual rule being applied to the user, group or computer.
Problems Related to Setting Up 99 Incorrect EFW Policy is used for an EFW user Either: Active Directory has not been updated with changes which affect the EFW Po licy applied to the user.
100 C HAPTER 5: P ROBLEM S OLVING.
A C RE A T I N G A R EMOTE A CCESS P OLICY For 3Com Network Access Manager to authenticate use rs and computer s accessing the network, an IAS Remote Access Policy must first be created.
102 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 2 Right-click Remote Access Policies in the T ree pane and select New Remote Access Policy , see Figure 33. Figure 33 New Remote Access Policy 3 T y pe the name of the new policy , see Figure 34. Click Next.
Using Microsoft Windows 2000 Serv er Operating System 103 Y ou now need to add a condition that will cause the Remote Access Policy to run. 4 On the Conditions dialog, click Add. On the Select Attribute dialog select Client Vendor and click Add , see Figure 35.
104 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY Figure 36 Selecting 3Com as Client-V endor for Remote Access Policy 6 On the Conditions dialog, Figure 37, click Next Figure 37 Setting Policy Cond.
Using Microsoft Windows 2000 Serv er Operating System 105 7 On the Permissions dialog, Figure 38, select Grant remote access permission and click Next .
106 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 8 Y ou now need to specify the profiles of the users who match the condition you have specified. Click the Edit Profile button, see Figure 39.
Using Microsoft Windows 2000 Serv er Operating System 107 9 Select the Authentication tab, and select Encrypted authentication (CHAP) and Unencrypted authentication (PAP, SPAP), see Figure 40, accor ding to your network security policy and the devices on your network.
108 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 10 Select the Advanced tab and click Add, see Figure 41. Figure 41 Editing the Dial-in Pr ofile.
Using Microsoft Windows 2000 Serv er Operating System 109 11 Select Vendor Specific from the list of RADIUS attributes and click Add, see Figure 42. Figure 42 Adding V endor -Specific Attribute s.
110 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 12 On the Multivalued Att ribute Infor mation dialog, see Figure 43, click Ad d Figure 43 Multivalued Attribute Information Dialog.
Using Microsoft Windows 2000 Serv er Operating System 111 13 Select 3Com from the pull down list, click YES. It conforms and click C onfigure Attribute , see Figure 44 Figure 44 Configuring V endor -S.
112 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 14 Ty p e 9 as the Vendor assigned value , select Decimal as the Attribute format , and type 1 as the Attribute value. See Figure 45 . Click OK Figure 45 V endor Assigned Attr ibutes for 3Com 15 Click OK to close the V endor -Specific Attribute Information dialog .
Using Microsoft Windows 2000 Serv er Operating System 113 20 After viewing the Online Help, click Finish . The r emote access policy that you have just created will be added to the list of policies, see Figur e 47 Figure 47 New Remote Access Policy Added to List 21 Select the new r emote access policy fr om the list in the Detail pane.
114 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY Using Microsoft Windows Server 2003 Operating System Follow these steps to create a new r e mote access policy within IAS using Microsoft Windows Server 2003 Op erating System.
Using Microsoft Windows Server 2003 Operati ng System 115 Figure 49 New Remote Access Policy 3 The New Remote Access Policy W izard w ill be displayed, Figure 50.
116 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY Figure 50 New Remote Access Policy Wizard. 4 Select Set up a custom policy and type th e name of the policy .
Using Microsoft Windows Server 2003 Operati ng System 117 Figure 51 Set Up A Custom Policy Y ou now need to add a condition that will cause the Remote Access Policy to run. 5 On the Policy Conditions dialog, click Add. On the Select Attribute dialog select Client Vendor and click Add , see Figure 52.
118 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY Figure 52 Selecting Attribu tes for Remote Access Policy 6 Highlight 3Com in the Available types list and use the Add>> button to move 3Com to the Selected types list, see Figure 53. Click OK.
Using Microsoft Windows Server 2003 Operati ng System 119 Figure 53 Selecting 3Com as Client-V endor for Remote Access Policy 7 On the Policy Conditions dialog, Figur e 54 , click Next Figure 54 Setti.
120 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 8 On the Permissions dialog, Figure 55, select Grant remote access permission and click Next . Figure 55 Granting Remote Access Permis sion.
Using Microsoft Windows Server 2003 Operati ng System 121 9 Y ou now need to specify the profiles of the users who match the condition you have specified.
122 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 10 Select the Authentication tab, and select both Encrypted authentication (CHAP) and Unencrypte d authentication (PAP, SPAP), see Figure 57, accor din g to your network security policy and the devices on your network.
Using Microsoft Windows Server 2003 Operati ng System 123 11 Select the Advanced tab and click Add, see Figure 58. Figure 58 Editing the Dial-in Pr ofile.
124 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 12 Select Vendor Specific from the list of RADIUS attributes and click Add, see Figure 59. Figure 59 Adding V endor -Specific Attributes.
Using Microsoft Windows Server 2003 Operati ng System 125 13 On the Multivalued Att ribute Infor mation dialog, see Figure 60, click Ad d Figure 60 Multivalued Attribute Information Dialog.
126 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 14 Select 3Com from the pull down list, click YES. It conforms and click C onfigure Attribute , see Figure 61 Figure 61 Configuring V endor -Specif.
Using Microsoft Windows Server 2003 Operati ng System 127 15 Ty p e 9 as the Vendor assigned value , select Decimal as the Attribute format , and type 1 as the Attribute value.
128 A PPENDIX A: C REATING A R EMOTE A CCESS P OLICY 21 After viewing the Online Help, click Finish . The r emote access policy that you have just created will be added to the list of policies, see Figur e 64 Figure 64 New Remote Access Policy Added to List 22 Select the new r emote access policy fr om the list in the Detail pane.
B O BTAINING S UPPORT FOR Y OUR 3C OM P R ODUCTS 3Com offers pr oduct registration, ca se management, and repair services through eSupport.3com.com . Y ou must have a user name and password to access these services, which are described in this appendix.
130 A PPENDIX B: O BTAINING S UPPORT FOR Y OUR 3C OM P RODUCTS Purchase Extended W arranty and Professional Services T o enhance re sponse times or extend your warra nty benefit s, you can purchase value-added services such as 24x7 telephone technical support, software upgrades, onsite assistance, or advanced hardware replacement.
Contact Us 131 T elephone T echnical Support and Repair T o obtain telephone support as part of your warranty and other service benefits, you must first register your pr oduct at: http://eSupport.
132 A PPENDIX B: O BTAINING S UPPORT FOR Y OUR 3C OM P RODUCTS Europe, Middle East, an d Africa — T e lephone T echnical Support and Repair From anywhere in these regions, call: +44 (0)1442 435529 F.
I NDEX Numerics 3Com Enterprise Management Suite 23 3Com Knowledgebase tool 129 3Com Network Access Manager authorization log 91 before setting up 37 changing inst allation 30 devices supported 18 edg.
2 I NDEX Express services contract 130 extended warranty options 130 G group associating rules 58 changing associated rules 59 view 57 Guardian services contract 130 H hot desking 81 network access 81.
INDEX 3 changing members 52 changing priorities 51 changing properties 52 controlling permissions to apply 51 creating 47 Default Rule 16 deleting 50 displaying members 52 highest priority 16 network .
4 I NDEX.
An important point after buying a device 3Com DUA1550-0AAA02 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought 3Com DUA1550-0AAA02 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data 3Com DUA1550-0AAA02 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, 3Com DUA1550-0AAA02 you will learn all the available features of the product, as well as information on its operation. The information that you get 3Com DUA1550-0AAA02 will certainly help you make a decision on the purchase.
If you already are a holder of 3Com DUA1550-0AAA02, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime 3Com DUA1550-0AAA02.
However, one of the most important roles played by the user manual is to help in solving problems with 3Com DUA1550-0AAA02. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device 3Com DUA1550-0AAA02 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center