Section 12.1: Access Policies
Access policies are the defining guidelines that are necessary to create a level of access control. Access policies may vary widely; different size businesses may require a different type of access policy. An access policy may define: the management and configuration of network devices, including physical security, logical security, and access control; the means of controlling user access to the network through the use of mechanisms such as switch port security and VLAN management; controlling access to distributed and enterprise services; determining the traffic allowed out of a distribution switch and into the core network, as well as how traffic is managed; and route filtering to determine the routes that should be seen by the core network.
In the campus environment, an access policy is designed to police that traffic going to and from the campus. The policy should allow only the traffic required to do business. An access policy should also provide a measure of protection to those network devices in the campus. Each layer in the network can and should have a different access policy. Some access policies could, however, apply to all devices in the network. Table 12.1 summarizes the different characteristics and access policies for each hierarchical layer of a given network.
Table 12.1: Access Policy Guidelines
Access Layer The access layer is the entry point for the users to the campus
network. Use Port Security and passwords here to protect the network.
Distribution Layer The distribution layer carries the bulk of all policy decisions.
This layer defines what traffic enters to or from the core and access layers. Many of the network device access policies should be the same as the access layer.
Core Layer The core layer is a high bandwidth backbone handling the traffic
of all the other devices in the network. There usually should be no policies at this layer because the core's function is to pass traffic at a high speed. Any policy implemented would slow down the flow.