Netsight management, Netsight nac manager, Netsight management -9 – Enterasys Networks 9034385 User Manual

NAC Solution Components
Enterasys NAC Design Guide 1-9
NetSight Management
The NAC appliances are configured, monitored, and managed through management applications
within the Enterasys NetSight Suite. NetSight is a family of products consisting of NetSight
Console and a suite of plugin applications. Of the following NetSight applications, NetSight NAC
Manager and NetSight Console are required for all four NAC deployment models, while NetSight
Policy Manager and NetSight Inventory Manager are optional, depending on your network
configuration and the network access control features you wish to implement. Following is a
description of the NetSight applications.
NetSight NAC Manager
NetSight NAC Manager is a required core component in the Enterasys NAC solution. NAC
Manager and NAC appliances work in conjunction to implement network access control. NAC
Manager provides configurations for the assessment, authentication, authorization, and
remediation parameters for all NAC appliances (NAC Gateways and NAC Controllers) from one
centralized interface. After these configurations are enforced, the NAC appliances can detect,
authenticate, assess, authorize, and remediate end‐systems connecting to the network according
to those configuration specifications.
Table 1-3 Comparison of Appliance Advantages and Disadvantages (continued)

| Features | NAC Gateway | NAC Controller |
|---|---|---|
| NAC Granularity | Advantage: The NAC Gateway is always aware of the MAC address of the device connecting to the network, and its associated IP address, username, and location (switch IP address and port). Therefore, NAC can be configured to uniquely authenticate, assess, and authorize specific end-systems and users in particular locations in the network. | Disadvantage: While the Layer 2 NAC Controller knows the MAC address of the connecting end-system and can obtain the associated username, the Layer 3 NAC Controller may not have this information. Therefore, the Layer 3 NAC Controller lacks the ability to uniquely authenticate, assess, and authorize specific devices and users, and implements NAC for all connected end-systems in the same way. Furthermore, Layer 2 and Layer 3 NAC Controllers do not provide visibility down to the access layer port to which an end-system is connected, and cannot control access to the network based on switch access layer port connection. |
| Scalability | Advantage: Very scalable because little if any end-system data traffic is processed by the NAC Gateway (being out-of-band). Therefore, an increased number of end-systems are supported per NAC Gateway. | Advantage: Very scalable because hardware-based forwarding of data traffic using Enterasys-built custom ASICs is implemented to achieve multi-gigabit throughput speeds for the NAC Controller. |