Enterasys Networks 9034385 User Manual: NAC Solution Components, The NAC Appliance

NAC Solution Components
This section discusses the required and optional components of the Enterasys NAC solution,
beginning with the following table that summarizes the component requirements for each of the
four deployment models.
The NAC Appliance
The NAC appliance is a core component of the Enterasys NAC solution and is required for all
NAC deployment models. It provides the ability to detect, authenticate, and effect the
authorization of end devices attempting to connect to the network. It also integrates with or
connects to assessment services to determine the security posture of end‐systems connecting to
the network. Once authentication and assessment are complete, the NAC appliance effects the
authorization of devices on the network by allocating the appropriate network resources to the
end‐system based on authentication and/or assessment results.
If authentication fails and/or the assessment results indicate a noncompliant end‐system, the NAC
appliance can deny the end‐system access to the network, quarantine the end‐system with a
highly restrictive set of network resources, or permit network access, depending on the appliance’s
configuration.
The NAC appliance also provides the remediation functionality by means of a Remediation Web
Server that runs on the appliance. Remediation informs end users when their end‐systems have
been quarantined due to network security policy non‐compliance, and allows end users to safely
remediate their end‐systems without assistance from IT operations.
Table 1-1 Component Requirements for NAC Deployment Models

| NAC Component | Model 1: Detection and Tracking | Model 2: Authorization | Model 3: Authorization with Assessment | Model 4: Authorization with Assessment and Remediation |
|---|---|---|---|---|
| NAC Appliance | Required | Required | Required | Required |
| NetSight NAC Manager | Required | Required | Required | Required |
| NetSight Console | Required | Required | Required | Required |
| Assessment Server | Optional | Optional | Required | Required |
| RADIUS Server (1) | Optional | Optional | Optional | Optional |
| NetSight Policy Manager (2) | Optional | Optional | Optional | Optional |
| NetSight Inventory Manager (3) | Optional | Optional | Optional | Optional |

1. A RADIUS server is only required if out-of-band NAC is implemented with the NAC Gateway, and
802.1X or web-based authentication is deployed on the network.
2. NetSight Policy Manager is required for inline NAC deployments. NetSight Policy Manager is
suggested if Enterasys policy-capable switches are deployed on the network and utilized as the
traffic enforcement or authorization point for connecting devices. Policy Manager allows the
centralized definition and deployment of policies to Enterasys switches for the consistency and
ease of management of the authorization levels for connecting end-systems.
3. NetSight Inventory Manager is suggested if Enterasys switches are deployed on the network for
ease of firmware and configuration management across the enterprise.