Layer 2 in-band management topology -4, Figure 6‐3 – Enterasys Networks 7S4280-19-SYS User Manual

General Management Considerations
6-4 Initializing the NAC Controller
– The NAC Controller Engine management IP address is used for management traffic generated from the NAC Controller Engine, and the NAC Controller Engine remediation IP address is used to run the remediation web server.
– The NAC Controller Engine remediation IP address, mask, and default gateway must belong to the subnet that spans the downstream and upstream routers.
– The NAC Controller Engine management IP address along with a mask is assigned to the 10/100 Ethernet port. Therefore, the 10/100 Ethernet port must be connected into the topology with a separate physical link onto the management VLAN. No default gateway is assigned to the management IP address.
– The NAC Controller Engine management IP address and NAC Controller PEP IP addresses, masks, and gateway must be part of the same subnet, and not on the subnet that spans the upstream and downstream routers, which carries data traffic.
– A management VLAN ID must be specified. All management traffic sourced from the NAC Controller PEP egresses the upstream and downstream ports of the NAC Controller tagged to the management VLAN. Therefore, the upstream and downstream routers must be configured to 802.1Q VLAN trunk the management VLAN to the NAC Controller.
– The NetSight management server IP address should be configured on the same subnet as the NAC Controller Engine and NAC Controller PEP IP addresses. Otherwise, management traffic sourced from the NAC Controller Engine and NAC Controller PEP will traverse the data VLAN on the way to the NetSight management server.
on page 6‐5 for a diagram of layer 2 Out‐Of‐Band management and
page 6‐6 for a diagram of layer 3 Out‐Of‐Band management
Figure 6-3 Layer 2 In-Band Management Topology
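
The Layer 2 in-band addressing rules listed above can be checked against a planned address assignment before the controller is initialized. The following Python check is an added example, not part of the Enterasys manual or of NetSight; the dictionary keys, sample addresses and VLAN ID are constructed for illustration, and the "pep_gateway" key assumes that the gateway named in the fourth rule is the one assigned to the PEP addresses.

```python
import ipaddress as ip

# Constructed sample plan; all addresses and the VLAN ID are made up.
GOOD_PLAN = {
    "data_subnet": "10.10.0.0/24",          # subnet spanning both routers
    "engine_remediation": "10.10.0.5/24",
    "remediation_gateway": "10.10.0.1",
    "engine_mgmt": "10.20.0.5/24",          # on the 10/100 Ethernet port
    "engine_mgmt_gateway": None,
    "pep_addresses": ["10.20.0.6/24"],
    "pep_gateway": "10.20.0.1",             # assumed key, see lead-in
    "mgmt_vlan": 20,
    "netsight_server": "10.20.0.50",
}
# Constructed misconfiguration: PEP on the data subnet, NetSight elsewhere.
BAD_PLAN = dict(GOOD_PLAN, pep_addresses=["10.10.0.6/24"],
                netsight_server="10.30.0.50", mgmt_vlan=None)

def check_inband_plan(plan):
    """Return a list of violations of the Layer 2 in-band addressing rules."""
    problems = []
    data_net = ip.ip_network(plan["data_subnet"])
    mgmt_net = ip.ip_interface(plan["engine_mgmt"]).network
    rem_if = ip.ip_interface(plan["engine_remediation"])
    # Remediation IP, mask and gateway belong to the subnet spanning the routers.
    if rem_if.network != data_net:
        problems.append("remediation address/mask is not the data subnet")
    if ip.ip_address(plan["remediation_gateway"]) not in data_net:
        problems.append("remediation gateway is outside the data subnet")
    # The management address on the 10/100 port gets no default gateway.
    if plan.get("engine_mgmt_gateway"):
        problems.append("management IP must not have a default gateway")
    # Management and PEP addresses share one subnet, separate from data.
    if mgmt_net.overlaps(data_net):
        problems.append("management subnet overlaps the data subnet")
    for pep in plan["pep_addresses"]:
        if ip.ip_interface(pep).network != mgmt_net:
            problems.append(f"PEP {pep} is not in the management subnet")
    if ip.ip_address(plan["pep_gateway"]) not in mgmt_net:
        problems.append("PEP gateway is outside the management subnet")
    # A management VLAN ID must be specified (802.1Q VIDs are 1-4094).
    vid = plan.get("mgmt_vlan")
    if not isinstance(vid, int) or not 1 <= vid <= 4094:
        problems.append("management VLAN ID missing or out of range")
    # Otherwise management traffic crosses the data VLAN to reach NetSight.
    if ip.ip_address(plan["netsight_server"]) not in mgmt_net:
        problems.append("NetSight server is not on the management subnet")
    return problems
```

The check covers addressing only; the 802.1Q trunk configuration on the upstream and downstream routers still has to be verified on those devices.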