User-based security policy

To have the user-based policy security implemented on the Nortel switches (Baystacks and Passport 8600), in addition to the Win 2003 IAS (RADIUS) and Win 2003 Certificate Server, is Nortel EPM (Enterprise Policy Manager) a requirement as well? Or are there alternatives?

Thanks

M. Eteum

Yes, the EPM is required. The RADIUS Server will return an attribute whose value corresponds to a set of filters that will be applied to the user's port. These filters are stored in the EPM database.

zev

Is there any alternative to the Nortel EPM? Specifically, an EPM that utilizes Microsoft Active Directory/LDAP where Nortel EPM uses iPlanet Directory Server.

Also, how would I find out what information the Microsoft IAS/RADIUS server can return to the RADIUS client (e.g. Nortel Baystack 470) and what information the switch (e.g. Nortel Baystack 470) can accept from the RADIUS server?

Thanks

M. Eteum

There is no alternative to the EPM. The RADIUS Server will return a Group Id attribute, as well as VLAN Id and QoS level. (Note that all of these attributes are optional. In this case, if you are using UBP, then you need the Group Id.) On the EPM you would define the Group Id, which would map to a set of filters that are applied to the edge switch.

Note that Nortel has a new solution called Secure Network Access which authenticates and verifies the integrity of hosts before allowing them onto the network with requiring any special client on the host system. There are a lot of details that I'm leaving out, but you may want to ask Nortel about it since you are interested in this topic.

Vman
