Design procedures, Procedures for out-of-band and inline nac, Identify required netsight applications – Enterasys Networks 9034385 User Manual
Page 65: Chapter 5: design procedures, Procedures for out-of-band and inline nac -1, Identify required netsight applications -1, Chapter 5
Enterasys NAC Design Guide 5-1
5
Design Procedures
This chapter describes the design procedures for Enterasys NAC deployment on an enterprise
network. The first section discusses procedures for both out‐of‐band and inline NAC
deployments. The second section discusses procedures for deployments implementing
assessment. Subsequent sections present design steps relating specifically to out‐of band
deployments using the NAC Gateway and inline deployments using the NAC Controller.
Procedures for Out-of-Band and Inline NAC
This section presents design procedures that are applicable to both out‐of‐band and inline NAC
deployments.
1. Identify Required NetSight Applications
As discussed in “
” on page 1‐9, the Enterasys NAC solution requires the
installation of two applications from the NetSight management software suite. NetSight NAC
Manager is required to centrally manage the NAC Controller and NAC Gateway appliances on
the network. Because NAC Manager is a plugin application to NetSight Console, it is necessary to
have NetSight Console installed on a server with NAC Manager. NetSight Console is used to
monitor the health and status of devices on the network, including the access layer switches and
the NAC appliances.
In addition, NetSight Policy Manager is required for inline NAC deployments. Policy Manager is
used to centrally define and distribute policies to all NAC Controllers on the network.
For out‐of‐band NAC deployments that include Enterasys policy‐enabled switches in the
intelligent edge, policies are specified in NAC Manager that authorize connecting end‐systems
with a particular level of network access. Policies are centrally defined and distributed to those
Enterasys switches using Policy Manager. With Policy Manager, policy roles are easily defined
and enforced to all Enterasys switches in the entire intelligent edge of the network, from one
central location.
For information about...
Refer to page...
Procedures for Out-of-Band and Inline NAC