Enterasys 9034385 Bedienungsanleitung
- Schauen Sie die Anleitung online durch oderladen Sie diese herunter
- 98 Seiten
- 2.39 mb
Zur Seite of
Ähnliche Gebrauchsanleitungen
-
Switch
Enterasys C2K122-24
70 Seiten 1.34 mb -
Network Router
Enterasys XSR-1805
25 Seiten 0.6 mb -
Network Card
Enterasys 802.1Q
82 Seiten 1.12 mb -
Switch
Enterasys N Standalone (NSA) Series
1372 Seiten 7.55 mb -
Switch
Enterasys Mid-Span Power Hub BL-6000ENT
31 Seiten 0.83 mb -
Switch
Enterasys Enterasys Vertical Horizon VH-8G
110 Seiten 1.13 mb -
Power Supply
Enterasys SecureStack C2 C2RPS-POE
34 Seiten 0.67 mb -
Network Router
Enterasys 1G58x-09
808 Seiten 6.11 mb
Richtige Gebrauchsanleitung
Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Enterasys 9034385 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Enterasys 9034385, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.
Was ist eine Gebrauchsanleitung?
Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Enterasys 9034385 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.
Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Enterasys 9034385. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.
Was sollte also eine ideale Gebrauchsanleitung beinhalten?
Die Gebrauchsanleitung Enterasys 9034385 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Enterasys 9034385
- Den Namen des Produzenten und das Produktionsjahr des Geräts Enterasys 9034385
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Enterasys 9034385
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen
Warum lesen wir keine Gebrauchsanleitungen?
Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Enterasys 9034385 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Enterasys 9034385 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Enterasys finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Enterasys 9034385 zu überspringen, wie es bei der Papierform passiert.
Warum sollte man Gebrauchsanleitungen lesen?
In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Enterasys 9034385, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.
Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Enterasys 9034385 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.
Inhaltsverzeichnis der Gebrauchsanleitungen
-
Seite 1
Enterasys ® Network Access Control Design Guide P/N 9034385[...]
-
Seite 2
[...]
-
Seite 3
i Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web si te without prior notice. The reader should in all cases co nsult Enterasys Netw orks [...]
-
Seite 4
ii[...]
-
Seite 5
iii Contents About This Guide Intended Audience .......... ............. ................. ............ ................. ............. ................ ........... .................. ............. vii Related Documents ............... ............. ................ ............. ................ ............. ................ ....... ............ [...]
-
Seite 6
iv Chapter 3: Use Scenarios Scenario 1: Intelligent Wired Access E dge ............ ............. ................ ................ ............. ............... ..... ........... 3-1 Policy-Enabled Edge ................. ............. ............ ................. ............. ............ ............. .......... ................ ..... 3-2 RFC [...]
-
Seite 7
v Unregistered Policy ................... ............. ............. ................ ............. ................ ............. ..... .............. 5-28 Inline NAC Design Procedures ........... ................ ............. ................ ................ ............. ............. .......... ......... 5-28 1. Determine NAC Contro ller Loc[...]
-
Seite 8
vi[...]
-
Seite 9
Enterasys NAC Design Gu ide vii About This Guide The NAC Design Guide describes the technical considerations for the planning and design of the Enterasys Netw ork Access Contr ol (NAC) solution. The guide includes the following information: Inten[...]
-
Seite 10
Getting Help viii About This Guide •E n t e r a s y s NA C Manager Online Help. Explains how to use NAC Manager to configure you r NAC appliances, and to put in place authenti cation and assessment requirements for the end ‐ systems a[...]
-
Seite 11
Enterasys NAC Design Guide 1-1 1 Overview This chapter provides an overview of the Enterasys Network Access Control (NAC) solution, including a descripti on of key NAC functions and deployment models. It also introd uces the required and [...]
-
Seite 12
NAC Solution Overview 1-2 Overview Assessment Determine if th e device complies with corporate security and configuration requirements, such as operating system patch revision levels and anti virus signature definitions. Other security compliance req[...]
-
Seite 13
NAC Solution Overview Enterasys NAC Design Guide 1-3 Model 1: End-system Detection and T racking This NAC deployment model implements the detection piece of NAC functionality . It supports the ability to track users and end ‐ sys tems over time by identify[...]
-
Seite 14
NAC Solution Components 1-4 Overview NAC Solution Component s This section discusses the required and optional components of the Enterasys NAC solution, beginning with the following table that summarizes the component requirements for each of the[...]
-
Seite 15
NAC Solution Components Enterasys NAC Design Guide 1-5 Enterasys offers two types of NA C appliances: the NAC Gatew ay appliance implements out ‐ of ‐ band network access control, and the NAC Controller appliance implements inline network access [...]
-
Seite 16
NAC Solution Components 1-6 Overview of supporting authentication and/or authorization. The NAC Controller is also required in IPSec and SSL VPN deployments. The NAC Controller provides integrated vulnerability assessment serv er functionality an[...]
-
Seite 17
NAC Solution Components Enterasys NAC Design Guide 1-7 Appliance Comp arison The following table compares how the two NA C appliance types implement the five NAC functions. T able 1-2 Comp arison of Appliance Funct ionality NAC Function NAC Gateway NAC Controller Detection RADIUS authenticatio[...]
-
Seite 18
NAC Solution Components 1-8 Overview Ta b l e 1 ‐ 3 outlines the advantages and disadv antages of the two appliance types as they pertain to network securi ty , scalabilit y , and configuration/implementation. T able 1-3 Comp arison of Appliance Adva ntag es and Disadvant[...]
-
Seite 19
NAC Solution Components Enterasys NAC Design Guide 1-9 NetSight Management The NAC appliances are configured, monit ored, and managed through management applications within the Enterasys NetSight Suite. Net Sight is a family of products comprised of NetS[...]
-
Seite 20
Summary 1-10 Overview NetSight Console NetSight Console is used to monitor the health and status of infrastructure devices in the netw ork, including switches, routers, Enterasys NAC appliances (NAC Gatew ays and NAC Controllers) as wel l[...]
-
Seite 21
Summary Enterasys NAC Design Guide 1 -11 •M o d e l 3: End ‐ Syst em Authorization with Assessment ‐ Implements detection , authentication , assessment , and authorization to provide network access control based on the security posture of a conne[...]
-
Seite 22
Summary 1-12 Overview[...]
-
Seite 23
Enterasys NAC Design Guide 2-1 2 NAC Deployment Models This chapter descri bes the four NAC deployment models and how they build on each other to provide a complete NAC solution. The first model imple ments a subset of the fiv e k[...]
-
Seite 24
Model 1: End-System Detection and Tracking 2-2 NAC Deployment Models RADIUS Access ‐ Accept or Access ‐ Reject message received from the upstream RADIUS server , is returned without modification to the access edge switch, to permit end ‐ system access [...]
-
Seite 25
Model 2: End-System Authorization Enterasys NAC Design Guide 2-3 and information on the network. Enteras ys NAC can be leveraged to provide information to SIM solutions, by mapping an IP address to an identity , such as a MAC address [...]
-
Seite 26
Model 2: End-System Authorization 2-4 NAC Deployment Models device ide ntity , us er identity , and/or location information is used to authorize the connecting end ‐ system with a certain level of netw ork access. It is important to note that ?[...]
-
Seite 27
Model 2: End-System Authorization Enterasys NAC Design Guide 2-5 The NAC Controller may eithe r deny the end ‐ system access to the network or assign the end ‐ system to a particular set of networ k reso urces by specifying a particular p[...]
-
Seite 28
Model 2: End-System Authorization 2-6 NAC Deployment Models is only provisioned by the Enterasys NAC sol ution when the devices connect to switches in the Network Operations Center (NOC). This level of granularity in provisioning access to ?[...]
-
Seite 29
Model 2: End-System Authorization Enterasys NAC Design Guide 2-7 a password in the registration web page. This sponsor username and passw ord can be va l i d a te d agai nst an existing database on the netw ork to authentica te the sponsor ʹ s i[...]
-
Seite 30
Model 3: End-System Authorization with Assessment 2-8 NAC Deployment Models A RADIUS serv er is only required if out ‐ of ‐ band netw ork access control using the NAC Gatewa y , or inline netw ork access control using the Layer 2 NAC Co ntroller [...]
-
Seite 31
Model 3: End-System Authorization with Assessment Enterasys NAC Design Guide 2-9 server is running or if the HTTP server is out ‐ of ‐ date) and client ‐ side checks (run ning applications, softw are configurations, instal led operating system patches) provide[...]
-
Seite 32
Model 3: End-System Authorization with Assessment 2-10 NAC Deployment Models Features and V alue In addition to the features and val u e s found in Model 1 and Model 2, the following are key pieces of functionality and va lu e propositions supported [...]
-
Seite 33
Model 3: End-System Authorization with Assessment Enterasys NAC Design Guide 2 -11 •A p p l i c a t i o n configuration The NAC solution can determine which services and applications are installed and enabled on the end ‐ system. Certain applications should be r[...]
-
Seite 34
Model 4: End-System Authorization with Assessment and Remediation 2-12 NAC Deployment Models Required and Optional Component s This section summarizes the required and optional components for Mod el 3. . The NAC Gatew ay and NAC Controller are the NAC appliances used ?[...]
-
Seite 35
Model 4: End-System Authorization with Assessment and Reme diation Enterasys NAC Design Guide 2 -13 Assisted remediation informs end users when their end ‐ systems have been quarantin ed due to network securi ty policy non ‐ compliance, and allows end users to ?[...]
-
Seite 36
Model 4: End-System Authorization with Assessment and Remediation 2-14 NAC Deployment Models Inline NAC For inline Enterasys NAC deployments utilizing the Lay er 2 or Layer 3 NAC Controller , the NAC functions are implemented in the following way : Detection [...]
-
Seite 37
Model 4: End-System Authorization with Assessment and Reme diation Enterasys NAC Design Guide 2 -15 traffic with specific source and destination cha racteristics as well as specific app lication identifiers (UDP/TCP ports). In addi tion, the Enterasys NAC solution w[...]
-
Seite 38
Summary 2-16 NAC Deployment Models Summary Enterasys supports all of the five key NAC functions: detection, authentication, assessment, authorization, and remediation. Howev er , not all fiv e functions need to be implemented concurrently in a ?[...]
-
Seite 39
Enterasys NAC Design Guide 3-1 3 Use Scenarios This chapter describes four NAC use scenarios that illustrate how the type of NAC deployment is directly dependent on the infrastructure devices deployed in the netw ork. For some network [...]
-
Seite 40
Scenario 1: Intelligent Wired Access Edge 3-2 Use Scenarios within the same Quarantine VLAN because the authorization point is usually implemented at the exit point of the VLAN via Access Control Lists (ACL s). Policy-Enabled Edge The fol lowing figu[...]
-
Seite 41
Scenario 1: Intelligent Wired Access Edge Enterasys NAC Design Guide 3-3 RFC 3580 Cap able Edge In this figure the NAC Gatew ay and the other Enterasys NAC components provide network access control for a network with third ‐ party switches that support [...]
-
Seite 42
Scenario 1: Intelligent Wired Access Edge 3-4 Use Scenarios Scenario 1 Implementation In the intelligent wi red edge use scenario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem connects to th[...]
-
Seite 43
Scenario 2: Intelligent Wireless Access Edge Enterasys NAC Design Guide 3-5 intellig ent edge on the network. The Mat rix N ‐ series switch is capable of authenticating and authorizing multiple devices connected to a single port for a vari e t y of[...]
-
Seite 44
Scenario 2: Intelligent Wireless Access Edge 3-6 Use Scenarios Figure 3-3 Intelligent Wirele ss Access Edge - Thin APs with W ireless Switch 1 4 3 2 Wireless Access Point 5 3 Enterasys NAC Manager Intelligent Wireless Controller (RFC 3850-compliant) NAC Gateway (out- of-band appliance) Assessment Server Authentication Server (optionally integrated [...]
-
Seite 45
Scenario 2: Intelligent Wireless Access Edge Enterasys NAC Design Guide 3-7 Thick Wireless Edge In a thick wireless deployment, access points forward wirele ss end ‐ system traffic directly onto the wired infrastructure without the use of a wireless switch. ?[...]
-
Seite 46
Scenario 2: Intelligent Wireless Access Edge 3-8 Use Scenarios Scenario 2 Implementation In the intelligent wireless access edge use scen ario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem conne[...]
-
Seite 47
Scenario 3: Non-intelligent Access Edge (Wired and Wireless) Enterasys NAC Design Guide 3-9 It is important to note that if the wireless edge of the network is non ‐ i ntelligent and not capable of authenticating and authorizing wireless end ‐ systems, ?[...]
-
Seite 48
Scenario 3: Non-intelligent Access Edge ( Wired and Wireless) 3-10 Use Scenarios Figure 3-5 Non-intelligent Access Edge (W ired and Wireless) 2 3 3 3 4 5 1 3 Enterasys NAC Manager NAC Controller (inline appliance) Assessment Server Authentication Server (optionally integrated in NAC Controller) Role= Quarantine Layer 3 Wired LAN Role= Quarantine Ro[...]
-
Seite 49
Scenario 4: VPN Remote Access Enterasys NAC Design Guide 3 -11 Scenario 3 Implementation In the non ‐ intelligent access edge use scenario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem connects ?[...]
-
Seite 50
Scenario 4: VPN Remote Access 3-12 Use Scenarios Figure 3-6 VPN Remote Access Scenario 4 Implementation In the VPN remote access use scenario, the five NAC functions are implemented in the following manner with the deployment of the NAC Controller for ?[...]
-
Seite 51
Summary Enterasys NAC Design Guide 3 -13 5. Remediation ‐ When the quarantined end user opens a web browser to any web site, its traffic is dynamically redirect ed to a Remediation web page that describes the compliance violation[...]
-
Seite 52
Summary 3-14 Use Scenarios Scenario 4: VPN remote access Summary: VPN concentrators act as a termination point for remote access VPN tunn els into the enterprise network. Appliance Requirement: NAC Contr oller Inline net work access control is implem ented by deploying the NAC Controller appliance to locally authorize connecting end-systems. T able[...]
-
Seite 53
Enterasys NAC Design Guide 4-1 4 Design Planning This chapter descri bes the steps yo u should take as yo u begin planning yo ur NAC deployment. The first step is to identify the deployment model that best meets you r business objecti[...]
-
Seite 54
Survey the Network 4-2 Design Planning access to a web browser to safely remediate their quarantined end ‐ syst em without impacting IT operations. Once a deployment model is se lected, the current network infrastructure must be examined to[...]
-
Seite 55
Survey the Network Enterasys NAC Design Guide 4-3 The network shown in Figure 4 ‐ 1 below , illustrates the following three examples of how the intellig ent edge can be implemented in a networ k. • Policy ‐ enabled Enterasys devices at the [...]
-
Seite 56
Survey the Network 4-4 Design Planning For the inline implementation of the Enterasys NAC solution, the NAC Controller authenticates and authorizes end ‐ systems locally on the appliance, and does not rely on the capabilities of downstr[...]
-
Seite 57
Survey the Network Enterasys NAC Design Guide 4-5 to locally authorize all MAC authentication reque sts for connecting end ‐ systems, thereby not requiring a li st of known MAC addre sses. In fact, Enterasys NAC can be configur ed in a [...]
-
Seite 58
Survey the Network 4-6 Design Planning Similar to 802.1X, web ‐ based authentication requires the input of credentials and is normally use d on user ‐ centric end ‐ systems that hav e a concept of an associated user , such as a PC. [...]
-
Seite 59
Survey the Network Enterasys NAC Design Guide 4-7 system at a time, then it is sugg ested that MAC locking (also known as Po r t Secu rity) be enabled on the edge switches to restrict the number of connecting devi ces. If multiple[...]
-
Seite 60
Survey the Network 4-8 Design Planning authenticated to the netw ork and interact with Enter asys NAC for authenticati on, assessment, authorization, and remediation. Note how ever , that this configuration may not be possible if trusted users ?[...]
-
Seite 61
Survey the Network Enterasys NAC Design Guide 4-9 If the network infrastructure does not contain intelligent devices at the edg e or distributi on layer , then inline NAC using the NAC Controller as the authorization point for connecting [...]
-
Seite 62
Survey the Network 4-10 Design Planning this case, the thick AP deployment falls into the category of non ‐ intelligent ed ge devices with the same NAC implementations as a non ‐ intelligent wired edge. These non ‐ intelligent APs must [...]
-
Seite 63
Identify Inline or Out-of-band NAC Dep loyment Enterasys NAC Design Guide 4 -11 Remote Access VPN In many enterprise environments, a VPN concentrator located at the main site connects to the Internet to provide VPN access to remote users. In this sce[...]
-
Seite 64
Summary 4-12 Design Planning server . In addi tion, NAC can also be configured to locally authorize MA C authentication requests. 3. Identify the strategic point in the network where end ‐ system authorization should be implemented. The mos[...]
-
Seite 65
Enterasys NAC Design Guide 5-1 5 Design Procedures This chapter descri bes the design procedures for Enterasys NAC deployment on an ente rprise network. The first section discusses procedures for both out ‐ of ‐ band and inline NAC deployments. ?[...]
-
Seite 66
Procedures for Out-of-Band and Inline NAC 5-2 Design Procedures Po l i c y Manager is not re quired for out ‐ of ‐ band NAC that utilizes RFC 3580 ‐ compliant switches (Enterasys and third ‐ party switches). In this case, a VLAN is specified in ?[...]
-
Seite 67
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-3 Figure 5-1 Se curity Domain NAC Configurations Each Security Domain has a default “NAC configuration” that defines the authentication, assessment, and authorization parameters for all end ‐ systems ?[...]
-
Seite 68
Procedures for Out-of-Band and Inline NAC 5-4 Design Procedures Figure 5-2 NAC Configuration Authentication The Authenticati on settings define how RADIUS requests are handled for au thenticating end ‐ systems (this does not apply to Layer 3 NAC Controllers.) This[...]
-
Seite 69
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-5 •H o w health results are processed. When an assessment is performed on an end ‐ syste m, a “health result” is generated. For each health result, there may be sev eral ?[...]
-
Seite 70
Procedures for Out-of-Band and Inline NAC 5-6 Design Procedures The following figure shows the NAC Manager window used to create or edit a NAC Configuration and defi ne its authentication, assessment, and a uthorization attributes. Figure 5-3 NAC Configurati[...]
-
Seite 71
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-7 The following table provides examples of var i o u s network scenarios that should be considered when identifyi ng the number and configuration of Sec urity Domains in your NAC [...]
-
Seite 72
Procedures for Out-of-Band and Inline NAC 5-8 Design Procedures Area of the network that provides access to a group of users or devices that pose a potentiall y high risk to the security or stability of the network. • Switches that provide access to guest users or contractors on a corporate network. These users are usually not directly unde r the[...]
-
Seite 73
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-9 Area of the network that is configured to allow access only to specific end-systems or users. • Switches that provide access to only pre-configured end-systems and users in highly controlled environments, such as industrial automation networks. For the NAC Gateway , reject a[...]
-
Seite 74
Procedures for Out-of-Band and Inline NAC 5-10 Design Procedures The following table provides network scenarios from an as sessment standpoint that should be taken into account when identifying the number and configuration of Security Domains. T able 5-2[...]
-
Seite 75
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -11 Area of the network, or a group of end-systems or users, that require assessment with immediate network access. • Switches that provide network acce ss to mission critical servers, mandating uninterrupted network con nectivity while still implementing assessment. • Switc[...]
-
Seite 76
Procedures for Out-of-Band and Inline NAC 5-12 Design Procedures 3. Identify Required MAC and User Overrides MAC and user overr ides are used to handle end ‐ syste ms that require a different set of authentication, assessment, and authorization parameters from the[...]
-
Seite 77
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -13 The following figure display s the windows used for MAC and user override configura tion in NAC Manager . Notice that either an existing NAC Config uration can be used or [...]
-
Seite 78
Procedures for Out-of-Band and Inline NAC 5-14 Design Procedures The following table describes scenarios where a MAC ov erride may be configured for a particular end ‐ system. T able 5-3 MAC Override Configuratio n Guidelines Network Scenario Examples Security Domain Config uration A dev[...]
-
Seite 79
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -15 A device or class of devices needs to be restricted network access (“blacklisted”) in a particular Security Domain or in all Security Domains. Denying access or quarantining the MAC addresses of laptops used b y guests or contractors in those areas of the network designa[...]
-
Seite 80
Procedures for Out-of-Band and Inline NAC 5-16 Design Procedures User Overrides A user ov erride lets you create a configuration for a specific end user , based on the user name. For example, you could create a user override that gives a [...]
-
Seite 81
Assessment Design Procedures Enterasys NAC Design Guide 5 -17 Manager will not match this end ‐ system and the end ‐ sy stem is assigned the Security Domain’ s default NAC config uration. In addition, the Layer 3 NAC Controller is not able [...]
-
Seite 82
Assessment Design Procedures 5-18 Design Procedures 2. Determine Assessm ent Server Location When determining the location of the assessme nt servers on th e network, the following factors should be considered: •T h e type of assessment: agent ‐ less or agen[...]
-
Seite 83
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -19 configuration if the security vul nerability is considered a risk for the organization. For more information on Nessus, ref er to http://nessus.org/ . Out-of-Band NAC Design Procedures The following [...]
-
Seite 84
Out-of-Band NAC Design Procedures 5-20 Design Procedures 2. Determine the Number of NAC Gateways The number of NAC Gatew ays to be depl oyed on the netw ork is a function of the following parameters: •T h e number of Security Domains configured on th e[...]
-
Seite 85
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -21 Figure 5-5 NAC Gateway Redund ancy It is important that the secondary NAC Gatew ay does not exceed maximum capacity if the primary NAC Gatew ay fails on the network. For example, let’ s[...]
-
Seite 86
Out-of-Band NAC Design Procedures 5-22 Design Procedures primary NAC Gatew ay , the transition to the secondary NAC Gateway wi ll not exceed maximum capacity . To support redundancy within a Secu rity Domain for either approach, one addi tional ?[...]
-
Seite 87
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -23 It is important to not e that only the NAC Gateways that are configured with remediation and registration functionality need to be positioned in such a manner . All other [...]
-
Seite 88
Out-of-Band NAC Design Procedures 5-24 Design Procedures 6. VLAN Configuration This step is for NA C deployments tha t use RFC ‐ 3580 ‐ compliant switches in the intelligent edge of the network to impl ement dynamic VLAN assignment of connecting devi[...]
-
Seite 89
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -25 previously specified in the NAC configuration must be def ined in NetSight Pol i c y Manager to ensure the consistent allocation of network resources to co nnecting end ‐ systems. Failsafe [...]
-
Seite 90
Out-of-Band NAC Design Procedures 5-26 Design Procedures Figure 5-6 Policy Role Configuration in NetSig ht Policy Manager Assessment Policy The Assessment Pol ic y may be used to temporarily allocate a set of network resources to end ‐ systems while they are being ass[...]
-
Seite 91
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -27 Figure 5-7 Service for the Assessing Role Note that it is not mandatory to assign the Assessment Pol i cy to a connecting end ‐ system while it is being assessed. NAC can be configured [...]
-
Seite 92
Inline NAC Design Procedures 5-28 Design Procedures Figure 5-8 Service for the Quarantine Role Furthermore, the Quarantine Po l i c y and other network infrastructure devices must be configured to implement HTTP traffic redirection for quaranti ned end ‐ systems to ?[...]
-
Seite 93
Inline NAC Design Procedures Enterasys NAC Design Guide 5 -29 Howeve r , the closer the NAC Controller is placed to the edge of the network, the more NAC Controllers are required on the netw ork, increasing NAC deployment cost and complex[...]
-
Seite 94
Inline NAC Design Procedures 5-30 Design Procedures 2. Determine the Numb er of NAC Controllers The number of NAC Controllers to be deploy ed on the network is a function of the following parameters: •T h e network topology . Because the NAC Controller is [...]
-
Seite 95
Inline NAC Design Procedures Enterasys NAC Design Guide 5 -31 Figure 5-9 Layer 2 NAC Controller Redundancy For a Layer 3 NAC Controller , redundancy is achieved by implementing redundant Layer 3 NAC Controllers on adjacent, but separate networks as shown in [...]
-
Seite 96
Inline NAC Design Procedures 5-32 Design Procedures 3. Identify Backend RADIUS Server Interaction Layer 2 NAC Controllers detect downs tream end ‐ systems via authentication: MAC, web ‐ based, or 802.1X. If we b ‐ based or 802.1X authenti cation is implemented, th[...]
-
Seite 97
Additional Considerations Enterasys NAC Design Guide 5 -33 assessment server s to reach the end ‐ system while it is being assessed, regardless of whether the Assessing policy , Enterprise User policy , or any other policy ro le is utilized [...]
-
Seite 98
Additional Considerations 5-34 Design Procedures[...]