Enterasys Networks 9034385 User Manual

Page 7


        Unregistered Policy .... 5-28

Inline NAC Design Procedures .... 5-28
    1. Determine NAC Controller Location .... 5-28
    2. Determine the Number of NAC Controllers .... 5-30
    3. Identify Backend RADIUS Server Interaction .... 5-32
    4. Define Policy Configuration .... 5-32
        Failsafe Policy and Accept Policy Configuration .... 5-32
        Assessment Policy and Quarantine Policy Configuration .... 5-32
        Unregistered Policy .... 5-33

Additional Considerations .... 5-33
    NAC Deployment With an Intrusion Detection System (IDS) .... 5-33
    NAC Deployment With NetSight ASM .... 5-33

Figures

3-1   Intelligent Wired Access Edge with Enterasys Policy-Enabled Devices .... 3-2
3-2   Intelligent Wired Access Edge with RFC 3580 Capable Devices .... 3-3
3-3   Intelligent Wireless Access Edge - Thin APs with Wireless Switch .... 3-6
3-4   Intelligent Wireless Access Edge - Intelligent AP (RFC 3580 Compliant) .... 3-7
3-5   Non-intelligent Access Edge (Wired and Wireless) .... 3-10
3-6   VPN Remote Access .... 3-12
4-1   Network with Intelligent Edge .... 4-3
4-2   Network with Non-Intelligent Edge .... 4-4
5-1   Security Domain .... 5-3
5-2   NAC Configuration .... 5-4
5-3   NAC Configuration for a Security Domain .... 5-6
5-4   MAC and User Override Configuration .... 5-13
5-5   NAC Gateway Redundancy .... 5-21
5-6   Policy Role Configuration in NetSight Policy Manager .... 5-26
5-7   Service for the Assessing Role .... 5-27
5-8   Service for the Quarantine Role .... 5-28
5-9   Layer 2 NAC Controller Redundancy .... 5-31
5-10  Layer 3 NAC Controller Redundancy .... 5-31

Tables

1-1   Component Requirements for NAC Deployment Models .... 1-4
1-2   Comparison of Appliance Functionality .... 1-7
1-3   Comparison of Appliance Advantages and Disadvantages .... 1-8
2-1   Component Requirements for Detection and Tracking .... 2-3
2-2   Component Requirements for Authorization .... 2-7
2-3   Component Requirements for Authorization with Assessment .... 2-12
2-4   Component Requirements for Authorization with Assessment and Remediation .... 2-15
2-5   Enterasys NAC Deployment Models .... 2-16
3-1   Use Scenario Summaries .... 3-13
5-1   Security Domain Configuration Guidelines .... 5-7
5-2   Security Domain Configuration Guidelines for Assessment .... 5-10
5-3   MAC Override Configuration Guidelines .... 5-14
5-4   End-System Limits for NAC Gateways .... 5-20
5-5   End-System Limits for NAC Controllers .... 5-30
