Network Resource groups provide a quick and easy way to define traffic classification rules for groups of network resources such as routers, VoIP (Voice over IP) gateways, and servers. You create a network resource group by defining a list of MAC or IP addresses for the resources you want included in the group.
In addition, you can use Network Resource Topologies to define a different resource list for different groups of devices in your domain. This enables you to set up network resource access based on the location where end users authenticate.
After a network resource group has been defined, you can associate it with an Automated service (see How to Create a Service for more information). The Automated service automatically creates a rule with a specified action (class of service and/or access control), for each resource address in the network resource group. Automated rule types include Layer 2 MAC Address rules, Layer 3 IP Address and IP Socket rules, and Layer 4 IP UDP Port and IP TCP Port rules.
You can also create Global Network Resources shared between all your domains and can be used by global automated services. Network Resource Topologies are not available for Global Network Resources.
| TIP: | The Policy tab Demo.pmd file contains
examples of network resource groups that you might want to create, such as Internet Proxy Servers and SAP
Servers. |
|---|
How to Create a Network Resource
- From the Policy tab, select the Network Resources left-panel tab.
- Right-click the Network Resources folder and select Create Network Resource. A New Network Resource item is created in the left panel in a highlighted box. (If you want to create a Global Network Resource, select the Global Network Resources folder.)
- Type the resource name in the Create window and select OK.
- In the right-panel General tab, use the Edit button to add a description of the network resource, if desired.
- Select the network resource Type:
- Layer 2 MAC - Define a group of network resources using MAC addresses.
- Layer 3 IP - Define a group of network resources using IP addresses.
- Select the appropriate network resource topology. Network Resource Topologies are used to divide the devices in a domain into groups called islands. You can then define a unique resource list for each island within that topology, allowing user access to resources on the network based on the physical location at which they authenticate. If you are not using topologies to group your devices, select the Domain Wide topology, which contains just one island for all your domain devices.
- For each topology island included in the selected topology, a tab is available where you can list the resources for that specific island. Use the address field (MAC or IP, depending on the selected type) and select the Add button to add a new resource to the list.
How to Create a Network Resource Topology
- From the Policy tab, select the Network Resources left-panel tab.
- Right-click the Network Resource Topologies left-panel tab and select Create Network Resource Topology. A New Network Resource Topology item is created in the left panel in a highlighted box.
- Type the topology name in the highlighted box.
- Expand the topology to see the Default Island, which contains all the devices in the domain.
- Right-click on the topology and select Create Network Resource Island. Type in the island name in the highlighted box and select OK. Use this step to create all the islands for this topology.
- Select an island and select the Add Devices button to open the Add Devices to Resource Island window, where you can move devices from the Default Island to the islands you just created. Select Add.
- Set any island as the [Default] island for new devices that are added to the domain by right-clicking the island and selecting Set Default.
The Network Resource Topology is available for selection when you create your network resources.
For information on related help topics: