Summary, Summary -13, Use scenario summaries -13 – Enterasys Networks 9034385 User Manual

Summary

Enterasys NAC Design Guide 3-13

5. Remediation ‐ When the quarantined end user opens a web browser to any web site, its traffic is 
dynamically redirected to a Remediation web page that describes the compliance violations and 
provides remediations steps for the user to execute in order to achieve compliance. After taking 
the appropriate remediation steps, the end user clicks on a button on the web page to reattempt 
network access, forcing the re‐assessment of the end‐system. At this point, the Enterasys NAC 
solution transitions the end‐system through the entire NAC cycle, re‐assessing the security 
posture of the end‐system to determine if the remediation techniques were successfully followed. 
If the end‐system is now compliant with network security policy, the NAC Controller authorizes 
the end‐system with the appropriate access policy. If the end‐system is not compliant, the end‐
system is restricted access to the network by assigning a policy to the end‐system on the NAC 
Controller, and the process starts again.

Summary

The decision whether to deploy inline or out‐of‐band network access control depends on the 
infrastructure devices deployed in your network. For some network topologies, inline NAC 
utilizing the NAC Controller appliance may be required while for other network configurations, 
out‐of‐band NAC utilizing the NAC Gateway appliance may be used.

The following table summarizes four NAC use scenarios and their NAC appliance requirements. 
The Enterasys NAC solution is capable of implementing network access control for all four use 
scenarios as well as environments with mixed use scenarios that may require the concurrent 
deployment of inline and out‐of‐band NAC.

.

Table 3-1 Use Scenario Summaries

Use Scenario

Summary and Appliance Requirements

Scenario 1:
Intelligent wired access
edge

Summary:
Intelligent edge switches in the network access layer provide authentication and
authorization for connecting end-systems.
Appliance Requirement: NAC Gateway
The NAC Gateway appliance provides out-of-band network access control by
leveraging the intelligent edge switches as the authorization point for connecting
end-systems.

Scenario 2:
Intelligent wireless
access edge

Summary:
Thick Access Points (APs), or wireless switches with thin APs, provide
authentication and authorization for connecting end-systems.
Appliance Requirement: NAC Gateway
The NAC Gateway appliance provides out-of-band network access control by
leveraging the intelligent wireless infrastructure devices as the authorization
point for connecting end-systems.

Scenario 3:
Non-intelligent access
edge (wired and
wireless)

Summary:
Non-intelligent edge switches in the network access layer are not capable of
providing authentication and authorization for connecting end-systems.
Appliance Requirement: NAC Controller
Inline network access control is implemented by positioning the NAC Controller
appliance at a strategic point in the network topology as the authorization point
for end-system traffic.