Getting away from the time-consuming process of access control list (ACL) programming motivated two colleges to swap out an aging network infrastructure for new gear from Enterasys Networks.
ACL programming was the motivator for Ben Guanzon, director of IT at Vancouver Community College, who recently swapped out his Cisco campus switches for a network of about 150 C Series Enterasys switches at his school. He's also planning to swap out his legacy Nortel core switches and is leaning toward Enterasys.
Guanzon said he wanted to get away from a world where network access and policy management were handled through ACL programming. Enterasys switches have security and policy capabilities baked right into them. They can identify users based on their log-in and apply policies and security at a port level.
"The management of the older technology, where we had to do a lot of ACL programming to get specific security or routing in place for all the switches we had across the campus, was a major challenge for us," Guanzon said. "In Enterasys, we go to their management tool [Enterasys Network Management Suite] and we can go to a certain closet, and there are the switches in that closet seen through this tool. We can click on the ports we want to change specific policies for, we say we want to apply this policy to these ports, and that's how it works. That's as opposed to some of the management that was available through, let's say, Cisco, where we had to do specific ACL programming for each of the ports we wanted to activate using CLI [command line interface]."
"We have a lot of different types of individuals accessing our network," Guanzon said. "When someone enters a classroom and plugs in their laptop, the switches have the ability to identify that individual, whether they are a student or faculty or whatever class of employee, and apply policies for that particular individual so that they don't tap into other parts of the network."
Seton Hill University in Greensburg, Pa., also recently switched to Enterasys, replacing its aging Cisco 3750 and 4507 switches with a network of N Series and C Series switches from the data center to the edge. The school also installed a new Enterasys wireless LAN, deploying about 240 HiPath wireless access points across campus, all managed by a pair of redundant 4110 controllers.
CIO Phil Komarny admits that price was a huge factor for him in choosing Enterasys over Cisco for a network refresh. But he said simplified policy management that avoided all the complicated ACL programming involved in his legacy switches was a big draw for him, too. "Based on all the policies we can do at the edge [with Enterasys], it was a nice solution for us," he said. "Price was a factor, too, but it wasn't the deciding factor."
Now Enterasys has introduced deeper integration of its HiPath wireless LAN portfolio (the HiPath products used to be part of Siemens Enterprise Networks before it merged with Enterasys) by adding the role-based access control capabilities found in Enterasys' wired infrastructure, allowing companies to manage network access control by user across both wired and wireless infrastructures.
"When they do merge [wireless and wired policy management] together and make it more integrated, it will save us a lot of time from maintaining all these separate rule sets and all these different policies," Komarny said. "We will be able to pull it all through one process."
"Our solution is not ACL dependent," said Will Aguillar, director of product management for Enterasys. "There is no requirement to segregate users based on VLAN or SSID, so within the same VLAN or SSID you can enforce policy or quality of service [QoS] based on role. When employees sign into the network, they get certain access and certain rate-limiting parameters, while guests will be assigned a different role. If you define a set of access policies, you're able to push that change through wired and wireless infrastructures with a single click," Aguillar continued. "You don't have two different networks and management systems where you have to apply one policy on the wired infrastructure and another set of policies on the wireless infrastructure. It's all consolidated into a single view."
Let us know what you think about the story; email: Shamus McGillicuddy, News Editor