![[Contents]](FIGURE/CONTENT.GIF)
![[Glossary]](FIGURE/GLOSS.GIF)
![[Index]](FIGURE/INDEX.GIF)
![[Back]](FIGURE/FRONT.GIF)
![[Next]](FIGURE/AFTER.GIF)
Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide
Set up the network control device (switch that supports IEEE 802.1X or MAC authentication). For details about how to setting up a switch, see the applicable manual for the switch.
- IEEE 802.1X authentication
- Setting for enabling IEEE 802.1X authentication
Enable IEEE 802.1X authentication.
- Authentication interval settings
Set the re-authentication interval, the EAP request frame transmission interval, and the number of re-authentication attempts for IEEE 802.1X authentication.
By setting a re-authentication interval and an EAP request frame transmission interval, client authentication is performed periodically in response to authentication requests sent from the switch. This allows client network connections to be controlled in a timely manner when the connection control list is updated.
- RADIUS server settings
Set the IP address, port number, and shared key of the authentication server. Use the shared key you specified when setting up the RADIUS client in Microsoft Internet Authentication Service or Network Policy Server.
- Access list settings
Set the access list that contains the connection control settings for the clients connected to the unauthenticated network.
- MAC authentication
- Setting for enabling MAC authentication
Enable MAC authentication.
- Maximum connection time setting
By setting the maximum connection time for MAC authentication, client authentication is performed periodically in response to authentication requests sent from the switch. This allows client network connections to be controlled in a timely manner when the connection control list is updated.
- RADIUS server settings
Set the IP address, port number, and shared key of the authentication server. Use the shared key you specified when setting up the RADIUS client in Microsoft Internet Authentication Service or Network Policy Server.
- Access list settings
Set the access list that contains the connection control settings for the clients connected to the unauthenticated network.
The following explains the network configuration and access list settings.
- Organization of this subsection
- (1) Network configuration and access list settings
(1) Network configuration and access list settings
The following figure shows the recommended network configuration.
Figure 13-11 Recommended network configuration
- The following describes each network in the figure.
- Corporate network
The intra-company network to which safe clients are connected. This network can contain the application server, Web server, and other network components.
- Unauthenticated network
The network to which unsafe clients are connected as a security measure.
- Treatment server network
The network to which the treatment server belongs.
- Server network
The network to which the management server and authentication server belong.
- The access list settings are specified as follows:
- Connection between the unauthenticated network and treatment server network is permitted.
- Connection between the unauthenticated network and server network is prohibited.
- Connection between the unauthenticated network and corporate network is prohibited.
All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated
![[Figure]](FIGURE/ZU131450.GIF)