An important factor to consider when revamping a legacy network is not just policy-based routing but also policy-based switching, which allows decisions about traffic to be made at the port level. As mentioned in this Tech Target report, some network policy management software makes those decisions at the router instead, which means unwanted traffic has already moved past the access layer into the distribution or core layers before any policy touches it.
“‘If [policy] control is being done at the router, it isn’t being controlled at the edge of the network,’ Stinson said. ‘A router interface could have 50 switches on it, and users only hit those policies when they hit the router. So anybody plugged into that edge switch gets hit with the policy.’
“That port-level shutdown is part of NMS’s Automated Security Manager (ASM), which complements the platform’s Policy Manager feature, Stinson said. Alerted to rogue devices or suspect network activity by an intrusion detection system (IDS), ASM can disable the user or the port — either by alerting an administrator, or automatically, if an administrator doesn’t respond to an alert after a set amount of time.”
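To make the two points above concrete, here is a small Python model I added for this post (it is illustrative code, not NMS, ASM or Policy Manager code, and every name in it is made up): a router interface with edge switches behind it, two functions that show how many hosts a policy reaches when applied at the router versus at a single edge port, and a responder that mirrors the escalation the quote describes: notify an administrator on an IDS alert, and disable the port automatically only if nobody responds within a grace window. The topology, hostnames and alert signatures are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

PortKey = Tuple[str, int]   # (edge switch name, port number)


@dataclass
class Port:
    switch: str
    number: int
    host: str            # constructed sample name of the attached device
    enabled: bool = True


@dataclass
class RouterInterface:
    """One router interface and every edge-switch port that hangs off it."""
    name: str
    ports: Dict[PortKey, Port] = field(default_factory=dict)

    def add_switch(self, switch: str, hosts: List[str]) -> None:
        for n, host in enumerate(hosts, start=1):
            self.ports[(switch, n)] = Port(switch, n, host)


def hosts_hit_by_router_policy(iface: RouterInterface) -> List[str]:
    """A policy applied on the router interface reaches every host behind it."""
    return sorted(p.host for p in iface.ports.values())


def hosts_hit_by_port_policy(iface: RouterInterface, key: PortKey) -> List[str]:
    """A policy applied on an edge port reaches only the host on that port."""
    return [iface.ports[key].host]


@dataclass
class IdsAlert:
    switch: str
    number: int
    signature: str       # constructed IDS signature name
    ts: float            # seconds on a clock the caller supplies


class AutomatedResponder:
    """Notify first; auto-disable only when the grace window expires unanswered."""

    def __init__(self, iface: RouterInterface, grace_seconds: float,
                 notify: Callable[[str], None]):
        self.iface = iface
        self.grace = grace_seconds
        self.notify = notify
        self.pending: Dict[PortKey, IdsAlert] = {}
        self.actions: List[str] = []   # audit trail of what was done and why

    def on_alert(self, alert: IdsAlert) -> None:
        key = (alert.switch, alert.number)
        if key not in self.iface.ports:
            self.notify(f"alert for unknown port {key}: {alert.signature}")
            return
        host = self.iface.ports[key].host
        self.notify(f"{alert.signature} from {host} on {key}; "
                    f"auto-disable in {self.grace:.0f}s without a response")
        # Keep the earliest alert so repeats do not keep resetting the window.
        self.pending.setdefault(key, alert)

    def acknowledge(self, key: PortKey, disable: bool) -> None:
        """Administrator responded: disable the port now, or clear the alert."""
        alert = self.pending.pop(key, None)
        if alert is None:
            return
        if disable:
            self._disable(key, f"admin action on {alert.signature}")
        else:
            self.actions.append(f"cleared {key} by admin")

    def tick(self, now: float) -> List[PortKey]:
        """Run periodically; disables ports whose grace window has expired."""
        expired = [k for k, a in self.pending.items() if now - a.ts >= self.grace]
        for key in expired:
            alert = self.pending.pop(key)
            self._disable(key, f"no admin response to {alert.signature}")
        return expired

    def _disable(self, key: PortKey, reason: str) -> None:
        port = self.iface.ports[key]
        port.enabled = False
        self.actions.append(f"disabled {key} ({port.host}): {reason}")
        self.notify(f"port {key} disabled: {reason}")


def demo() -> Tuple[List[str], List[str], bool, bool]:
    """Constructed topology and two alerts; returns values worth checking."""
    iface = RouterInterface("Gi0/1")
    iface.add_switch("edge-sw1", ["pc-a", "pc-b", "printer-1"])
    iface.add_switch("edge-sw2", ["pc-c", "pc-d", "pc-e"])
    notices: List[str] = []
    resp = AutomatedResponder(iface, grace_seconds=60, notify=notices.append)
    router_scope = hosts_hit_by_router_policy(iface)      # six hosts
    port_scope = hosts_hit_by_port_policy(iface, ("edge-sw1", 2))   # one host
    resp.on_alert(IdsAlert("edge-sw1", 2, "rogue-dhcp-server", ts=0.0))
    resp.on_alert(IdsAlert("edge-sw2", 3, "port-scan", ts=5.0))
    resp.acknowledge(("edge-sw2", 3), disable=False)   # admin: false positive
    resp.tick(now=30.0)    # inside the window: nothing disabled yet
    resp.tick(now=61.0)    # window expired for the unanswered alert
    return (router_scope, port_scope,
            iface.ports[("edge-sw1", 2)].enabled,
            iface.ports[("edge-sw2", 3)].enabled)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the blast-radius difference directly: the router-level policy lists all six hosts on the interface, the port-level policy lists only `pc-b`, and after the clock passes the 60-second grace window the unanswered `rogue-dhcp-server` alert leaves only `edge-sw1` port 2 disabled while the acknowledged false positive on `edge-sw2` stays up. In a real deployment the `notify` callback would page an administrator and `tick` would be driven by a scheduler; the `actions` list is the audit trail you would want to keep whenever automation is allowed to shut ports on its own.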