Extreme Networks EPICenter Guide Manual page 121

Concepts and solutions guide

3 Verify that your access list design includes an appropriate "fall-through" control. This default control is applied when no other access list matches the traffic pattern. Typically, this default control is a "deny-all" access list that blocks all traffic that does not match any security policy in place.

Using EPICenter to Create Access Lists

You use the optional Policy Manager feature in EPICenter to configure and monitor access lists. The Policy Manager has a set of predefined services that you can configure to control network traffic between users, devices, or groups of users and devices. You create a set of policies to match the traffic controls you want in place on your network. You must also set the order in which these policies will be applied. EPICenter uses these high-level policies to automatically create a set of access lists in each of the network devices affected by the policy. When traffic comes into your network, the Extreme Networks ingress switch port compares the traffic pattern (protocol, source and destination addresses and ports) with the set of configured access lists. The access list is traversed in order until a match occurs. If the traffic pattern matches an access list, that access list controls what happens to the traffic (allowing it to continue on the network, or denying it and dropping the packets at the ingress port).
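
The in-order, first-match traversal and the "deny-all" fall-through described above, modelled as an added example (not EPICenter or ExtremeWare code). The `Rule`, `evaluate` and `audit` names, the rule names and the addresses are constructed for illustration, and the model handles IPv4 only.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY_NET = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    src: str = ANY_NET             # source network (CIDR)
    dst: str = ANY_NET             # destination network (CIDR)
    dport: Optional[int] = None    # destination port, None = any

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        net = ipaddress.ip_network
        return (self.proto in ("any", other.proto)
                and net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.dport in (None, other.dport))

def evaluate(acl, proto, src, dst, dport):
    """Traverse the list in order; the first matching entry decides."""
    packet = Rule("packet", "", proto, f"{src}/32", f"{dst}/32", dport)
    for rule in acl:
        if rule.covers(packet):
            return rule.action, rule.name
    return "no-match", None        # nothing matched: the list does not decide

def audit(acl):
    """Report a missing deny-all fall-through and entries that can never match."""
    findings = []
    if not (acl and acl[-1].action == "deny" and acl[-1].covers(Rule("", "", "any"))):
        findings.append("last entry is not a deny-all fall-through")
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if earlier.covers(later):
                findings.append(f"{later.name} is shadowed by {earlier.name}")
                break
    return findings

# Constructed sample policies (names and addresses are illustrative).
DENY_TELNET = Rule("deny-telnet", "deny", "tcp", "10.1.0.0/16", "10.9.0.0/24", 23)
PERMIT_USERS = Rule("permit-users", "permit", "any", "10.1.0.0/16", "10.9.0.0/24")
DENY_ALL = Rule("deny-all", "deny", "any")
GOOD = [DENY_TELNET, PERMIT_USERS, DENY_ALL]
BAD = [PERMIT_USERS, DENY_TELNET]   # wrong order, no fall-through

if __name__ == "__main__":
    for acl in (GOOD, BAD):
        print(evaluate(acl, "tcp", "10.1.2.3", "10.9.0.5", 23), audit(acl))
```

With the same two policies in the wrong order, the Telnet packet is permitted by the broader entry before the deny is ever reached, which is why the policy order must match the order determined during design.
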

You need to have the appropriate license to use the optional Policy Manager feature in EPICenter.

Selecting the Policy Manager from the navigation bar in EPICenter displays the list of configured policies. To create a new policy for IP Access Lists, follow these steps:

1 Select the "New" button to create a new policy within the Policy Manager.
2 Define the new policy based on network resources (groups, devices), users (hosts or groups of hosts), and the predefined list of network resource services (protocols, allowed or denied).
3 Save your new policy.
4 Click the "Order" button to set the order of precedence for your policies. This must match the order you determined while designing your access lists.
5 Verify your policies match your access list requirements using the ACL Viewer option in the Policy Manager.

Figure 54 shows an example of an IP-based policy that will block TCP SYN packets from the network.

EPICenter Concepts and Solutions Guide
Network Access Security

This manual is also suitable for:

Epicenter 6.0