Network with intelligent edge -3 – Enterasys Networks 9034385 User Manual
Page 55
Survey the Network
Enterasys NAC Design Guide 4-3
The network shown in
below, illustrates the following three examples of how the
intelligent edge can be implemented in a network.
•
Policy‐enabled Enterasys devices at the physical edge of the network.
The SecureStack B2/B3, SecureStack C2/C3, and Matrix N‐series switches are the intelligent
edge of the network as well as the physical edge of the network. These policy‐enabled devices
provide authentication and authorization via policy enforcement to the connecting end‐
systems.
•
Third‐party switches that support RFC 3580 with dynamic VLAN assignment at the
physical edge of the network.
RFC 3580‐compliant switches (Enterasys and third‐party), are also part of the intelligent edge
of the network, because they are able to authenticate and authorize connecting end‐systems
with a particular level of network access, using dynamic VLAN assignment.
•
Policy‐enabled Enterasys devices at the distribution layer of the network, upstream from
non‐intelligent third‐party devices.
The intelligent edge of the network may or may not be the physical edge of the network where
end‐systems actually connect. The Matrix N‐series switch in the distribution layer of the
network, upstream from the non‐intelligent third‐party device, is also considered part of the
intelligent edge of the network. This is because the Matrix N‐series switch can individually
authenticate and uniquely allocate network resources for the end‐systems connected
downstream to the non‐intelligent third‐party access layer device.
Figure 4-1 Network with Intelligent Edge