Enterasys Networks 7S4280-19-SYS User Manual
Page 70
Overview
6-2 Initializing the NAC Controller
The ports located in the lower rows of the NAC Controller are referred to as ʺdownstream ports,ʺ
and connect downlink to infrastructure devices such as access layer switches in the network. The
two gigabit Ethernet ports located at the top of the NAC Controller are referred to as ʺupstream
ports,ʺ and connect uplink to upstream devices such as core routers. The 10/100 Ethernet port
located at the top of the NAC Controller supports management functionality with an
Out‐Of‐Band management configuration, as explained below. See
for the location of the
different NAC Controller port types.
It is important to note that the NAC Controller appliance transparently bridges packets at layer 2
from downstream ports to upstream ports, downstream ports to other downstream ports,
upstream ports to downstream ports, and upstream port to other upstream ports. Therefore, it is
not necessary to have a 1:1 downstream port to upstream port configuration on the NAC
Controller. Furthermore, the traffic enforcement point on the NAC Controller is implemented as
traffic ingressed the downstream ports per MAC address or IP address before the traffic is bridged
through the NAC Controller to any other port. As a result of traffic sourced from an end system
being appropriately filtered (for example: forwarded, discarded, contained to a VLAN, or
prioritized) upon ingress to the NAC Controller port before it is bridged, the flow of traffic from
each downstream end system is securely controlled to all other devices connected to other
upstream and downstream ports on the NAC Controller.
Figure 6-1 NAC Controller Ports
display the configuration topologies for the four NAC Controller
installation types. In each case, upstream ports on the NAC Controller connect to the network core
in the direction of where the NetSight management server connects to the network, although it is
not necessary to connect the NetSight management server upstream from the NAC Controller.
Downstream ports on the NAC Controller connect to the network edge where end systems are
connecting.
Note:
displays a 2S4082-25-SYS, but NAC Controller ports are in the same
location on both systems.