This document is a sample of written work only. Copyright remains the property of the respective owners.
Segmenting the network and enforcing user
   access control
Managing Bottlenecks
Controlling Network Bandwidth
Protecting Network from Intrusion and Virus Attack
Upgrading the Firmware
As network administrators in a small to medium size business (SMB), there are several important tasks we usually have to take care of, such as managing users’ access across departments, controlling network bandwidth, protecting network from intrusion and virus attack, and upgrading of firmware.

Segmenting the network and enforcing user access control
Typical of most SMB networks, we probably already have an unmanaged switch with all our network hosts in one network segment. While this configuration is good for ease of communicating freely with one another, it is also common knowledge that unauthorized access of critical data across departments is possible.

One of the ways to work around cross department access of data is to group users into different virtual local area networks (VLANs) and enforce user access control list (ACL).With unmanaged switch, however, this cannot be done. What comes to mind next is of course to have the current switch upgraded to a smart switch so that network segmentation and grouping of different departments into individual VLANs are possible.

However, not all smart switches are the same in functionality. With a standard smart switch, two issues remain to be resolved. First, not all smart switches have full-featured ACL. Second, standard smart switch usually use symmetric switching which only provide switched connections between ports with the same bandwidth where only one port can be a member of one VLAN or network segment. This means it will be difficult to integrate shared resources into the network.

In order to address the issue of unauthorized user access, what we need probably is to get a smart switch that has full IP and MAC address ACL functionality. It should be capable of restricting access of specific network resource from specified network hosts to ensure only authorized users can access confidential information while unauthorized users are denied access.

In addition, it’ll be good if the smart switch also offers:

• Port Security for creating a list of MAC addresses that are allowed access to the network for   each port

• IEEE 802.1X user authentication via external RADIUS server acting as the authentication
  server to allow only legitimate users listed in the user database to access the network.

This is because with port security and 802.1X authentication, greater control of user access can be increased exponentially.
  NEXT >