1.11 UPN Support – Enterasys Networks C1H124-24 User Manual

1.11 UPN SUPPORT

User Personalized Networks (UPN) is an architecture that allows network administrators to map
network services to identified users, machines, peripherals and other network entities. UPN
consists of three tiers:

Classification rules make up the first or bottom tier. The rules apply to devices in the UPN
environment, such as switches and routers. The rules are designed to be implemented at or near
the user’s point of entry to the network. The rules are typically at Layer 2, 3, or 4 of the OSI
network model.

The middle tier is Services, which allows multiple classification rules to be aggregated. Services
can include e-mail and Internet access.

Roles, or Behavioral Profiles, make up the top tier. The roles assign services to various business
functions or departments, such as executive, sales, and engineering.

To implement most roles, UPN requires authentication such as 802.1X using EAP-TLS,
EAP-TTLS, or EAP-PEAP. Authorization information, attached to the authentication response,
determines the application of the UPN policy. One way to communicate the authorization
information is to include the Policy Name in a RADIUS Filter-ID attribute. A UPN administrator
can also define a role to be implemented in the absence of authentication and authorization.

Refer to the release notes shipped with the module for details.
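The authorization step described above, sketched as an added example (not code from the manual or from Enterasys): it pulls the Filter-ID attribute out of a RADIUS Access-Accept and expands the named role through services to classification rules. The role and service names, the rule strings, the use of the Filter-ID value verbatim as the Policy Name, and the fallback of an unknown name to the default role are all assumptions.

```python
import struct

ACCESS_ACCEPT, FILTER_ID = 2, 11   # RADIUS code and attribute type (RFC 2865)
# Hypothetical policy tiers; rule strings are illustrative, not Enterasys syntax.
SERVICES = {"e-mail": ["tcp/25 permit", "tcp/143 permit"],
            "internet": ["tcp/80 permit", "tcp/443 permit"]}
ROLES = {"sales": ["e-mail", "internet"], "guest": ["internet"]}
DEFAULT_ROLE = "guest"   # role applied without authentication/authorization


def filter_ids(packet):
    """Return Filter-ID strings from an Access-Accept; raise on malformed input.
    Response Authenticator verification is out of scope for this sketch."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field disagrees with packet size")
    if code != ACCESS_ACCEPT:
        return []
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        if atype == FILTER_ID:
            found.append(packet[pos + 2:pos + alen].decode("utf-8", "replace"))
        pos += alen
    return found


def rules_for(packet=None):
    """Map the response to (role, classification rules).
    Assumption: an absent or unknown Policy Name selects DEFAULT_ROLE."""
    names = filter_ids(packet) if packet else []
    role = next((n for n in names if n in ROLES), DEFAULT_ROLE)
    return role, [rule for svc in ROLES[role] for rule in SERVICES[svc]]


def build_accept(policy):
    """Constructed sample Access-Accept (zeroed authenticator) for the demo."""
    attr = bytes([FILTER_ID, 2 + len(policy)]) + policy.encode()
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attr)) + bytes(16) + attr


if __name__ == "__main__":
    print(rules_for(build_accept("sales")))
    print(rules_for(None))
```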

The rules can only be implemented on the Matrix system by the Enterasys NetSight Policy
Manager, which is described on the web site at www.enterasys.com/netsight.
