Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide
Set up the network control device (switch that supports IEEE 802.1X authentication). For details about setting up a switch, see the applicable manual for the switch.
- Setting for enabling IEEE 802.1X authentication
Enable IEEE 802.1X authentication.
- Authentication interval settings
Set the re-authentication interval, the EAP request frame transmission interval, and the number of re-authentication attempts for IEEE 802.1X authentication.
When a re-authentication interval and an EAP request frame transmission interval are set, the switch sends authentication requests periodically and clients are re-authenticated in response. This allows client network connections to be controlled in a timely manner when the connection control list is updated.
- RADIUS server settings
Set the IP address, port number, and shared key of the authentication server. Use the shared key you specified when setting up the RADIUS client in Microsoft IAS or Network Policy Server.
- VLAN settings
Set up the various VLANs, including the corporate network and the quarantined network. When you set up the corporate network, use the VLAN-ID you specified for the Tunnel-Pvt-Group-ID attribute in the remote access policy of Microsoft Internet Authentication Service or Network Policy Server.
The following explains the VLANs to set up on the switch, and how to set up communication between the VLANs.
(1) Inter-VLAN communication settings specified on the switch
The following figure shows the recommended VLAN configuration.
Figure 13-10 Recommended VLAN configuration
- In this configuration four VLANs have been set up:
- Corporate VLAN
A corporate network to which safe clients are connected. This network provides access to various servers including the job server and the Web server.
- Quarantined VLAN
A quarantined network to which clients with a high security risk level are connected.
- Treatment server VLAN
A network containing the treatment server.
- Server VLAN
A network containing the management server and the authentication server.
The following table shows how communication takes place between VLANs.
Table 13-8 Inter-VLAN communication settings
| No. | VLAN name | Corporate VLAN | Quarantined VLAN | Server VLAN | Treatment VLAN |
|---|---|---|---|---|---|
| 1 | Corporate VLAN | Yes | No | Yes | Yes |
| 2 | Quarantined VLAN | No | Yes | No | Yes |
| 3 | Server VLAN | Yes | No | Yes | Yes |
| 4 | Treatment server VLAN | Yes | Yes | Yes | Yes |
- Legend:
- Yes: Communication can take place.
- No: Communication cannot take place.
- Note
- Be sure to set up communication between the VLANs as shown in Table 13-8.
- When security measures are implemented on a client, or client inventory information is reported to a higher system, communication takes place in each case via the treatment server VLAN.
- When implementing security measures on clients
Server VLAN -> Treatment server VLAN -> Quarantined VLAN
- When reporting inventory information for clients
Quarantined VLAN -> Treatment server VLAN -> Server VLAN
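The following Python sketch is an added example, not part of the original manual or the product: it encodes Table 13-8 and audits a list of permitted inter-VLAN flows against it, and checks that the quarantined VLAN and the server VLAN can reach each other only by way of the treatment server VLAN. The "source destination" rule format, the short VLAN names, and the sample rules are constructed assumptions; they are not a switch vendor's syntax.

```python
# Added example (not from the manual). The rule text format is a constructed assumption.
VLANS = ["corporate", "quarantined", "server", "treatment"]

# Table 13-8: row = source VLAN; columns follow the order of VLANS (Y = Yes, N = No).
TABLE_13_8 = {
    "corporate":   "YNYY",
    "quarantined": "NYNY",
    "server":      "YNYY",
    "treatment":   "YYYY",
}

# Constructed sample: one permitted "source destination" flow per line.
SAMPLE_RULES = """\
corporate corporate
corporate server
corporate treatment
quarantined quarantined
quarantined treatment
quarantined server      # deviation: bypasses the treatment server VLAN
server corporate
server server
server treatment
treatment corporate
treatment server
treatment treatment
"""

def expected_pairs():
    """Return every (source, destination) pair marked Yes in Table 13-8."""
    return {(src, dst) for src, row in TABLE_13_8.items()
            for dst, flag in zip(VLANS, row) if flag == "Y"}

def parse_rules(text):
    """Parse the constructed rule format into a set of (source, destination) pairs."""
    pairs = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if fields:
            if len(fields) != 2 or not set(fields) <= set(VLANS):
                raise ValueError(f"unrecognized rule: {line!r}")
            pairs.add((fields[0], fields[1]))
    return pairs

def audit(permitted):
    """Return (missing, excess): flows the table requires but the switch lacks, and the reverse."""
    exp = expected_pairs()
    return sorted(exp - permitted), sorted(permitted - exp)

def relay_only(permitted, a, b, via):
    """True if a and b have no direct flow but each has two-way flows with via."""
    direct = (a, b) in permitted or (b, a) in permitted
    return not direct and {(a, via), (via, a), (b, via), (via, b)} <= permitted
```

Calling `audit(parse_rules(SAMPLE_RULES))` on the constructed sample reports the missing treatment-to-quarantined flow and the excess quarantined-to-server flow.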
All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated