Online Behavior Management
With the emergence of new applications and behavior on networks, enterprise network administrators need to standardize the online behavior of users in complex network environments. The router supports online behavior management, including various access authentication and application control methods, to prevent unauthorized users from accessing the network and to prevent employees from performing non-work-related operations. This function improves bandwidth use efficiency.
In Figure 1, an enterprise network is connected to the Internet through Router A, which functions as the gateway. The physical access control department is connected to Router A through Router B, the office and management areas are connected to Router A through Router C, and the guest area is connected to Router A through APs. To ensure the security of the enterprise intranet, user access needs to be controlled: only users who are successfully authenticated can access authorized network resources. To standardize online behavior and improve work efficiency, instant messaging software and download software such as BT and eDonkey_eMule must be forbidden in the office area. In addition, bandwidth needs to be properly allocated to different services to guarantee key services. When congestion occurs, the management area needs higher bandwidth.
User Access and Authentication
To protect the security of the entire enterprise network, the router integrates terminal security and access control and takes check, isolation, security hardening, and audit measures. These measures improve the proactive protection capability of terminals.
- 802.1x: based on port and MAC address. This method is applicable to new networks that have high-density users and information confidentiality requirements.
- MAC address: based on the MAC address of users. This method is applicable to dumb terminals such as printers and fax machines.
- Portal: through a portal authentication website. This method is applicable to networks with scattered, moving users.
- Authenticates static users based on user IP address.
- Assigns priorities and VLAN IDs to user groups so that users in different groups have different priorities and network access rights.
For details about the preceding functions, see NAC Configuration.
Application-based Management
To prevent employees from accessing non-work-related websites, the network administrator needs to control the applications used by online employees. The router supports Smart Application Control (SAC), which intelligently classifies applications and applies policies to different application categories. For example, SAC can prohibit non-work-related applications such as QQ to standardize user online behavior and improve work efficiency. For details about SAC, see SAC Configuration.
Bandwidth Management
To improve network use efficiency, enterprise administrators need to allocate different bandwidth to different service flows, for example, sufficient bandwidth for key services and restricted bandwidth for common services.
- Based on interface: control inbound and outbound traffic rate on an interface.
- Based on service type: restrict bandwidth for a certain type of service.
- Based on IP address: restrict bandwidth for a certain IP address.
- Based on user group: restrict bandwidth for the user group matching certain conditions.
- Based on multi-level queue: restrict bandwidth for a certain type of service and user.
For details about bandwidth management, see Traffic Policing and Traffic Shaping Configurations, Bandwidth Management Configuration, and Configuring HQoS.