Vai alla pagina of
Manuali d’uso simili
-
Switch
Enterasys Networks 5H1XX
144 pagine 1.55 mb -
Network Card
Enterasys Networks BL-69551ENT
36 pagine 0.51 mb -
Switch
Enterasys Networks D2G124-12
496 pagine 3.79 mb -
Network Hardware
Enterasys Networks 4H4203-72
90 pagine 2.41 mb -
Network Hardware
Enterasys Networks 4H4282-49
90 pagine 2.41 mb -
Switch
Enterasys Networks 4H4282-49
90 pagine 2.43 mb -
Switch
Enterasys Networks CSX7000
729 pagine 10.35 mb -
Switch
Enterasys Networks 6E2xx
430 pagine 4.48 mb
Un buon manuale d’uso
Le regole impongono al rivenditore l'obbligo di fornire all'acquirente, insieme alle merci, il manuale d’uso Enterasys Networks 9034385. La mancanza del manuale d’uso o le informazioni errate fornite al consumatore sono la base di una denuncia in caso di inosservanza del dispositivo con il contratto. Secondo la legge, l’inclusione del manuale d’uso in una forma diversa da quella cartacea è permessa, che viene spesso utilizzato recentemente, includendo una forma grafica o elettronica Enterasys Networks 9034385 o video didattici per gli utenti. La condizione è il suo carattere leggibile e comprensibile.
Che cosa è il manuale d’uso?
La parola deriva dal latino "instructio", cioè organizzare. Così, il manuale d’uso Enterasys Networks 9034385 descrive le fasi del procedimento. Lo scopo del manuale d’uso è istruire, facilitare lo avviamento, l'uso di attrezzature o l’esecuzione di determinate azioni. Il manuale è una raccolta di informazioni sull'oggetto/servizio, un suggerimento.
Purtroppo, pochi utenti prendono il tempo di leggere il manuale d’uso, e un buono manuale non solo permette di conoscere una serie di funzionalità aggiuntive del dispositivo acquistato, ma anche evitare la maggioranza dei guasti.
Quindi cosa dovrebbe contenere il manuale perfetto?
Innanzitutto, il manuale d’uso Enterasys Networks 9034385 dovrebbe contenere:
- informazioni sui dati tecnici del dispositivo Enterasys Networks 9034385
- nome del fabbricante e anno di fabbricazione Enterasys Networks 9034385
- istruzioni per l'uso, la regolazione e la manutenzione delle attrezzature Enterasys Networks 9034385
- segnaletica di sicurezza e certificati che confermano la conformità con le norme pertinenti
Perché non leggiamo i manuali d’uso?
Generalmente questo è dovuto alla mancanza di tempo e certezza per quanto riguarda la funzionalità specifica delle attrezzature acquistate. Purtroppo, la connessione e l’avvio Enterasys Networks 9034385 non sono sufficienti. Questo manuale contiene una serie di linee guida per funzionalità specifiche, la sicurezza, metodi di manutenzione (anche i mezzi che dovrebbero essere usati), eventuali difetti Enterasys Networks 9034385 e modi per risolvere i problemi più comuni durante l'uso. Infine, il manuale contiene le coordinate del servizio Enterasys Networks in assenza dell'efficacia delle soluzioni proposte. Attualmente, i manuali d’uso sotto forma di animazioni interessanti e video didattici che sono migliori che la brochure suscitano un interesse considerevole. Questo tipo di manuale permette all'utente di visualizzare tutto il video didattico senza saltare le specifiche e complicate descrizioni tecniche Enterasys Networks 9034385, come nel caso della versione cartacea.
Perché leggere il manuale d’uso?
Prima di tutto, contiene la risposta sulla struttura, le possibilità del dispositivo Enterasys Networks 9034385, l'uso di vari accessori ed una serie di informazioni per sfruttare totalmente tutte le caratteristiche e servizi.
Dopo l'acquisto di successo di attrezzature/dispositivo, prendere un momento per familiarizzare con tutte le parti del manuale d'uso Enterasys Networks 9034385. Attualmente, sono preparati con cura e tradotti per essere comprensibili non solo per gli utenti, ma per svolgere la loro funzione di base di informazioni e di aiuto.
Sommario del manuale d’uso
-
Pagina 1
Enterasys ® Network Access Control Design Guide P/N 9034385[...]
-
Pagina 2
[...]
-
Pagina 3
i Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web si te without prior notice. The reader should in all cases co nsult Enterasys Netw orks [...]
-
Pagina 4
ii[...]
-
Pagina 5
iii Contents About This Guide Intended Audience .......... ............. ................. ............ ................. ............. ................ ........... .................. ............. vii Related Documents ............... ............. ................ ............. ................ ............. ................ ....... ............ [...]
-
Pagina 6
iv Chapter 3: Use Scenarios Scenario 1: Intelligent Wired Access E dge ............ ............. ................ ................ ............. ............... ..... ........... 3-1 Policy-Enabled Edge ................. ... ............. ............. ................ ............. ............. ............. ...... ................... .. 3-2 RFC[...]
-
Pagina 7
v Unregistered Policy ................... ............. ............. ................ ............. ................ ............. ..... .............. 5-28 Inline NAC Design Procedures ........................... ............. ................ ................ ............. ............. .......... ......... 5-28 1. Determine NAC Contro ller Loca[...]
-
Pagina 8
vi[...]
-
Pagina 9
Enterasys NAC Design Gu ide vii About This Guide The NAC Design Guide describes the technical considerations for the planning and design of the Enterasys Netw ork Access Contr ol (NAC) solution. The guide includes the following information: Inten[...]
-
Pagina 10
Getting Help viii About This Guide •E n t e r a s y s NA C Manager Online Help. Explains how to use NAC Manager to configure you r NAC appliances, and to put in place authenti cation and assessment requirements for the end ‐ systems a[...]
-
Pagina 11
Enterasys NAC Design Guide 1-1 1 Overview This chapter provides an overview of the Enterasys Network Access Control (NAC) solution, including a descripti on of key NAC functions and deployment models. It also introd uces the required and [...]
-
Pagina 12
NAC Solution Overview 1-2 Overview Assessment Determine if th e device complies with corporate security and configuration requirements, such as operating system patch revision levels and anti virus signature definitions. Other security compliance req[...]
-
Pagina 13
NAC Solution Overview Enterasys NAC Design Guide 1-3 Model 1: End-system Detection and T racking This NAC deployment model implements the detection piece of NAC functionality . It supports the ability to track users and end ‐ sys tems over time by identify[...]
-
Pagina 14
NAC Solution Components 1-4 Overview NAC Solution Component s This section discusses the required and optional components of the Enterasys NAC solution, beginning with the following table that summarizes the component requirements for each of the[...]
-
Pagina 15
NAC Solution Components Enterasys NAC Design Guide 1-5 Enterasys offers two types of NA C appliances: the NAC Gatew ay appliance implements out ‐ of ‐ band network access control, and the NAC Controller appliance implements inline network access [...]
-
Pagina 16
NAC Solution Components 1-6 Overview of supporting authentication and/or authorization. The NAC Controller is also required in IPSec and SSL VPN deployments. The NAC Controller provides integrated vulnerability assessment serv er functionality an[...]
-
Pagina 17
NAC Solution Components Enterasys NAC Design Guide 1-7 Appliance Comp arison The following table compares how the two NA C appliance types implement the five NAC functions. T able 1-2 Comp arison of Appliance Funct ionality NAC Function NAC Gateway NAC Controller Detection RADIUS authenticatio[...]
-
Pagina 18
NAC Solution Components 1-8 Overview Ta b l e 1 ‐ 3 outlines the adv antages and disadv antages of the tw o appliance types as they pertain to network securi ty , scalabilit y , and configuration/implementation. T able 1-3 Comp arison of Appliance Adva ntag es and Disadva[...]
-
Pagina 19
NAC Solution Components Enterasys NAC Design Guide 1-9 NetSight Management The NAC appliances are configured, monit ored, and managed through management applications within the Enterasys NetSight Suite. Net Sight is a family of products comprised of NetS[...]
-
Pagina 20
Summary 1-10 Overview NetSight Console NetSight Console is used to monitor the health and status of infrastructure devices in the netw ork, including switches, routers, Enterasys NAC appliances (NAC Gatew ays and NAC Controllers) as wel l[...]
-
Pagina 21
Summary Enterasys NAC Design Guide 1 -11 •M o d e l 3: End ‐ Syst em Authorization with Assessment ‐ Implements detection , authentication , assessment , and authorization to provide network access control based on the security posture of a conne[...]
-
Pagina 22
Summary 1-12 Overview[...]
-
Pagina 23
Enterasys NAC Design Guide 2-1 2 NAC Deployment Models This chapter descri bes the four NAC deployment models and how they build on each other to provide a complete NAC solution. The first model imple ments a subset of the fiv e k[...]
-
Pagina 24
Model 1: End-System Detection and Tracking 2-2 NAC Deployment Models RADIUS Access ‐ Accept or Access ‐ Reject message received from the upstream RADIUS server , is returned without modification to the access edge switch, to permit end ‐ system access [...]
-
Pagina 25
Model 2: End-System Authorization Enterasys NAC Design Guide 2-3 and information on the network. Enteras ys NAC can be leveraged to provide information to SIM solutions, by mapping an IP address to an identity , such as a MAC address [...]
-
Pagina 26
Model 2: End-System Authorization 2-4 NAC Deployment Models device ide ntity , us er identity , and/or location information is used to authorize the connecting end ‐ system with a certain level of netw ork access. It is important to note that ?[...]
-
Pagina 27
Model 2: End-System Authorization Enterasys NAC Design Guide 2-5 The NAC Controller may eithe r deny the end ‐ system access to the network or assign the end ‐ system to a particular set of networ k reso urces by specifying a particular p[...]
-
Pagina 28
Model 2: End-System Authorization 2-6 NAC Deployment Models is only provisioned by the Enterasys NAC sol ution when the devices connect to switches in the Network Operations Center (NOC). This level of granularity in provisioning access to ?[...]
-
Pagina 29
Model 2: End-System Authorization Enterasys NAC Design Guide 2-7 a password in the registration web page. This sponsor username and passw ord can be va l i d a te d against an existing database on the netw ork to authenticate the sponsor ʹ s ide[...]
-
Pagina 30
Model 3: End-System Authorization with Assessment 2-8 NAC Deployment Models A RADIUS serv er is only required if out ‐ of ‐ band netw ork access control using the NAC Gatewa y , or inline netw ork access control using the Layer 2 NAC Co ntroller [...]
-
Pagina 31
Model 3: End-System Authorization with Assessment Enterasys NAC Design Guide 2-9 server is running or if the HTTP server is out ‐ of ‐ date) and client ‐ side checks (run ning applications, softw are configurations, instal led operating system patches) provide[...]
-
Pagina 32
Model 3: End-System Authorization with Assessment 2-10 NAC Deployment Models Features and V alue In addition to the features and val u e s found in Model 1 and Model 2, the following are key pieces of functionality and va lu e propositions supported [...]
-
Pagina 33
Model 3: End-System Authorization with Assessment Enterasys NAC Design Guide 2 -11 •A p p l i c a t i o n configuration The NAC solution can determine which services and applications are installed and enabled on the end ‐ system. Certain applications should be r[...]
-
Pagina 34
Model 4: End-System Authorization with Assessment and Remediation 2-12 NAC Deployment Models Required and Optional Component s This section summarizes the required and optional components for Mod el 3. . The NAC Gatew ay and NAC Controller are the NAC appliances used ?[...]
-
Pagina 35
Model 4: End-System Authorization with Assessment and Reme diation Enterasys NAC Design Guide 2 -13 Assisted remediation informs end users when their end ‐ systems have been quarantin ed due to network securi ty policy non ‐ compliance, and allows end users to ?[...]
-
Pagina 36
Model 4: End-System Authorization with Assessment and Remediation 2-14 NAC Deployment Models Inline NAC For inline Enterasys NAC deployments utilizing the Lay er 2 or Layer 3 NAC Controller , the NAC functions are implemented in the following way : Detection [...]
-
Pagina 37
Model 4: End-System Authorization with Assessment and Reme diation Enterasys NAC Design Guide 2 -15 traffic with specific source and destination cha racteristics as well as specific app lication identifiers (UDP/TCP ports). In addi tion, the Enterasys NAC solution w[...]
-
Pagina 38
Summary 2-16 NAC Deployment Models Summary Enterasys supports all of the five key NAC functions: detection, authentication, assessment, authorization, and remediation. Howev er , not all fiv e functions need to be implemented concurrently in a ?[...]
-
Pagina 39
Enterasys NAC Design Guide 3-1 3 Use Scenarios This chapter describes four NAC use scenarios that illustrate how the type of NAC deployment is directly dependent on the infrastructure devices deployed in the netw ork. For some network [...]
-
Pagina 40
Scenario 1: Intelligent Wired Access Edge 3-2 Use Scenarios within the same Quarantine VLAN because the authorization point is usually implemented at the exit point of the VLAN via Access Control Lists (ACL s). Policy-Enabled Edge The fol lowing figu[...]
-
Pagina 41
Scenario 1: Intelligent Wired Access Edge Enterasys NAC Design Guide 3-3 RFC 3580 Cap able Edge In this figure the NAC Gatew ay and the other Enterasys NAC components provide network access control for a network with third ‐ party switches that support [...]
-
Pagina 42
Scenario 1: Intelligent Wired Access Edge 3-4 Use Scenarios Scenario 1 Implementation In the intelligent wi red edge use scenario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem connects to th[...]
-
Pagina 43
Scenario 2: Intelligent Wireless Access Edge Enterasys NAC Design Guide 3-5 intellig ent edge on the network. The Mat rix N ‐ series switch is capable of authenticating and authorizing multiple devices connected to a single port for a vari e t y of[...]
-
Pagina 44
Scenario 2: Intelligent Wireless Access Edge 3-6 Use Scenarios Figure 3-3 Intelligent Wirele ss Access Edge - Thin APs with W ireless Switch 1 4 3 2 Wireless Access Point 5 3 Enterasys NAC Manager Intelligent Wireless Controller (RFC 3850-compliant) NAC Gateway (out- of-band appliance) Assessment Server Authentication Server (optionally integrated [...]
-
Pagina 45
Scenario 2: Intelligent Wireless Access Edge Enterasys NAC Design Guide 3-7 Thick Wireless Edge In a thick wireless deployment, access points forward wirele ss end ‐ system traffic directly onto the wired infrastructure without the use of a wireless switch. ?[...]
-
Pagina 46
Scenario 2: Intelligent Wireless Access Edge 3-8 Use Scenarios Scenario 2 Implementation In the intelligent wireless access edge use scen ario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem conne[...]
-
Pagina 47
Scenario 3: Non-intelligent Access Edge (Wired and Wireless) Enterasys NAC Design Guide 3-9 It is important to note that if the wireless edge of the network is non ‐ i ntelligent and not capable of authenticating and authorizing wireless end ‐ systems, ?[...]
-
Pagina 48
Scenario 3: Non-intelligent Access Edge ( Wired and Wireless) 3-10 Use Scenarios Figure 3-5 Non-intelligent Access Edge (W ired and Wireless) 2 3 3 3 4 5 1 3 Enterasys NAC Manager NAC Controller (inline appliance) Assessment Server Authentication Server (optionally integrated in NAC Controller) Role= Quarantine Layer 3 Wired LAN Role= Quarantine Ro[...]
-
Pagina 49
Scenario 4: VPN Remote Access Enterasys NAC Design Guide 3 -11 Scenario 3 Implementation In the non ‐ intelligent access edge use scenario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem connects ?[...]
-
Pagina 50
Scenario 4: VPN Remote Access 3-12 Use Scenarios Figure 3-6 VPN Remote Access Scenario 4 Implementation In the VPN remote access use scenario, the five NAC functions are implemented in the following manner with the deployment of the NAC Controller for ?[...]
-
Pagina 51
Summary Enterasys NAC Design Guide 3 -13 5. Remediation ‐ When the quarantined end user opens a web browser to any web site, its traffic is dynamically redirect ed to a Remediation web page that describes the compliance violation[...]
-
Pagina 52
Summary 3-14 Use Scenarios Scenario 4: VPN remote access Summary: VPN concentrators act as a termination point for remote access VPN tunn els into the enterprise network. Appliance Requirement: NAC Contr oller Inline net work access control is implem ented by deploying the NAC Controller appliance to locally authorize connecting end-systems. T able[...]
-
Pagina 53
Enterasys NAC Design Guide 4-1 4 Design Planning This chapter descri bes the steps yo u should take as yo u begin planning yo ur NAC deployment. The first step is to identify the deployment model that best meets you r business objecti[...]
-
Pagina 54
Survey the Network 4-2 Design Planning access to a web browser to safely remediate their quarantined end ‐ syst em without impacting IT operations. Once a deployment model is se lected, the current network infrastructure must be examined to[...]
-
Pagina 55
Survey the Network Enterasys NAC Design Guide 4-3 The network shown in Figure 4 ‐ 1 below , illustrates the following three examples of how the intellig ent edge can be implemented in a networ k. • Policy ‐ enabled Enterasys devices at the [...]
-
Pagina 56
Survey the Network 4-4 Design Planning For the inline implementation of the Enterasys NAC solution, the NAC Controller authenticates and authorizes end ‐ systems locally on the appliance, and does not rely on the capabilities of downstr[...]
-
Pagina 57
Survey the Network Enterasys NAC Design Guide 4-5 to locally authorize all MAC authentication reque sts for connecting end ‐ systems, thereby not requiring a li st of known MAC addre sses. In fact, Enterasys NAC can be configur ed in a [...]
-
Pagina 58
Survey the Network 4-6 Design Planning Similar to 802.1X, web ‐ based authentication requires the input of credentials and is normally use d on user ‐ centric end ‐ systems that hav e a concept of an associated user , such as a PC. [...]
-
Pagina 59
Survey the Network Enterasys NAC Design Guide 4-7 system at a time, then it is sugg ested that MAC locking (also known as Po r t Secu rity) be enabled on the edge switches to restrict the number of connecting devi ces. If multiple[...]
-
Pagina 60
Survey the Network 4-8 Design Planning authenticated to the netw ork and interact with Enter asys NAC for authenticati on, assessment, authorization, and remediation. Note how ever , that this configuration may not be possible if trusted users ?[...]
-
Pagina 61
Survey the Network Enterasys NAC Design Guide 4-9 If the network infrastructure does not contain intelligent devices at the edg e or distributi on layer , then inline NAC using the NAC Controller as the authorization point for connecting [...]
-
Pagina 62
Survey the Network 4-10 Design Planning this case, the thick AP deployment falls into the category of non ‐ intelligent ed ge devices with the same NAC implementations as a non ‐ intelligent wired edge. These non ‐ intelligent APs must [...]
-
Pagina 63
Identify Inline or Out-of-band NAC Dep loyment Enterasys NAC Design Guide 4 -11 Remote Access VPN In many enterprise environments, a VPN concentrator located at the main site connects to the Internet to provide VPN access to remote users. In this sce[...]
-
Pagina 64
Summary 4-12 Design Planning server . In addi tion, NAC can also be configured to locally authorize MA C authentication requests. 3. Identify the strategic point in the network where end ‐ system authorization should be implemented. The mos[...]
-
Pagina 65
Enterasys NAC Design Guide 5-1 5 Design Procedures This chapter descri bes the design procedures for Enterasys NAC deployment on an ente rprise network. The first section discusses procedures for both out ‐ of ‐ band and inline NAC deployments. ?[...]
-
Pagina 66
Procedures for Out-of-Band and Inline NAC 5-2 Design Procedures Po l i c y Manager is not required for out ‐ of ‐ band NAC that utilizes RFC 3580 ‐ compliant switches (Enterasys and third ‐ party switches). In this case, a VLAN is specified in ?[...]
-
Pagina 67
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-3 Figure 5-1 Se curity Domain NAC Configurations Each Security Domain has a default “NAC configuration” that defines the authentication, assessment, and authorization parameters for all end ‐ systems ?[...]
-
Pagina 68
Procedures for Out-of-Band and Inline NAC 5-4 Design Procedures Figure 5-2 NAC Configuration Authentication The Authenticati on settings define how RADIUS requests are handled for au thenticating end ‐ systems (this does not apply to Layer 3 NAC Controllers.) This[...]
-
Pagina 69
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-5 •H o w health results are processed. When an assessment is performed on an end ‐ syste m, a “health result” is generated. For each health result, there may be sev eral ?[...]
-
Pagina 70
Procedures for Out-of-Band and Inline NAC 5-6 Design Procedures The following figure shows the NAC Manager window used to create or edit a NAC Configuration and defi ne its authentication, assessment, and a uthorization attributes. Figure 5-3 NAC Configurati[...]
-
Pagina 71
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-7 The following table provides examples of var i o u s network scenarios that should be considered when identifyi ng the number and configuration of Sec urity Domains in your NAC [...]
-
Pagina 72
Procedures for Out-of-Band and Inline NAC 5-8 Design Procedures Area of the network that provides access to a group of users or devices that pose a potentiall y high risk to the security or stability of the network. • Switches that provide access to guest users or contractors on a corporate network. These users are usually not directly unde r the[...]
-
Pagina 73
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-9 Area of the network that is configured to allow access only to specific end-systems or users. • Switches that provide access to only pre-configured end-systems and users in highly controlled environments, such as industrial automation networks. For the NAC Gateway , reject a[...]
-
Pagina 74
Procedures for Out-of-Band and Inline NAC 5-10 Design Procedures The following table provides network scenarios from an as sessment standpoint that should be taken into account when identifying the number and configuration of Security Domains. T able 5-2[...]
-
Pagina 75
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -11 Area of the network, or a group of end-systems or users, that require assessment with immediate network access. • Switches that provide network acce ss to mission critical servers, mandating uninterrupted network con nectivity while still implementing assessment. • Switc[...]
-
Pagina 76
Procedures for Out-of-Band and Inline NAC 5-12 Design Procedures 3. Identify Required MAC and User Overrides MAC and user overr ides are used to handle end ‐ syste ms that require a different set of authentication, assessment, and authorization parameters from the[...]
-
Pagina 77
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -13 The following figure display s the windows used for MAC and user override configura tion in NAC Manager . Notice that either an existing NAC Config uration can be used or [...]
-
Pagina 78
Procedures for Out-of-Band and Inline NAC 5-14 Design Procedures The following table describes scenarios where a MAC ov erride may be configured for a particular end ‐ system. T able 5-3 MAC Override Configuratio n Guidelines Network Scenario Examples Security Domain Config uration A dev[...]
-
Pagina 79
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -15 A device or class of devices needs to be restricted network access (“blacklisted”) in a particular Security Domain or in all Security Domains. Denying access or quarantining the MAC addresses of laptops used b y guests or contractors in those areas of the network designa[...]
-
Pagina 80
Procedures for Out-of-Band and Inline NAC 5-16 Design Procedures User Overrides A user ov erride lets you create a configuration for a specific end user , based on the user name. For example, you could create a user override that gives a [...]
-
Pagina 81
Assessment Design Procedures Enterasys NAC Design Guide 5 -17 Manager will not match this end ‐ system and the end ‐ sy stem is assigned the Security Domain’ s default NAC config uration. In addition, the Layer 3 NAC Controller is not able [...]
-
Pagina 82
Assessment Design Procedures 5-18 Design Procedures 2. Determine Assessm ent Server Location When determining the location of the assessme nt servers on th e network, the following factors should be considered: •T h e type of assessment: agent ‐ less or agen[...]
-
Pagina 83
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -19 configuration if the security vul nerability is considered a risk for the organization. For more information on Nessus, ref er to http://nessus.org/ . Out-of-Band NAC Design Procedures The following [...]
-
Pagina 84
Out-of-Band NAC Design Procedures 5-20 Design Procedures 2. Determine the Number of NAC Gateways The number of NAC Gatew ays to be depl oyed on the netw ork is a function of the following parameters: •T h e number of Security Domains configured on th e[...]
-
Pagina 85
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -21 Figure 5-5 NAC Gateway Redund ancy It is important that the secondary NAC Gatew ay does not exceed maximum capacity if the primary NAC Gatew ay fails on the network. For example, let’ s[...]
-
Pagina 86
Out-of-Band NAC Design Procedures 5-22 Design Procedures primary NAC Gatew ay , the transition to the secondary NAC Gateway wi ll not exceed maximum capacity . To support redundancy within a Security Domain for either approach, one additional [...]
-
Pagina 87
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -23 It is important to not e that only the NAC Gateways that are configured with remediation and registration functionality need to be positioned in such a manner . All other [...]
-
Pagina 88
Out-of-Band NAC Design Procedures 5-24 Design Procedures 6. VLAN Configuration This step is for NA C deployments tha t use RFC ‐ 3580 ‐ compliant switches in the intelligent edge of the network to impl ement dynamic VLAN assignment of connecting devi[...]
-
Pagina 89
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -25 previously specified in the NAC configuration must be def ined in NetSight Pol i c y Manager to ensure the consistent allocation of network resources to co nnecting end ‐ systems. Failsafe [...]
-
Pagina 90
Out-of-Band NAC Design Procedures 5-26 Design Procedures Figure 5-6 Policy Role Configuration in NetSig ht Policy Manager Assessment Policy The Assessment Pol ic y ma y be used to temporarily allocate a set of netw ork resources to end ‐ systems while they are being a[...]
-
Pagina 91
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -27 Figure 5-7 Service for the Assessing Role Note that it is not mandatory to assign the Assessment Pol i cy to a connecting end ‐ system while it is being assessed. NAC can be configured [...]
-
Pagina 92
Inline NAC Design Procedures 5-28 Design Procedures Figure 5-8 Service for the Quarantine Role Furthermore, the Quarantine Po l i c y and other network infrastructure devices must be configured to implement HTTP traffic redirection for quaranti ned end ‐ systems to ?[...]
-
Pagina 93
Inline NAC Design Procedures Enterasys NAC Design Guide 5 -29 Howeve r , the closer the NAC Controller is placed to the edge of the network, the more NAC Controllers are required on the netw ork, increasing NAC deployment cost and complex[...]
-
Pagina 94
Inline NAC Design Procedures 5-30 Design Procedures 2. Determine the Numb er of NAC Controllers The number of NAC Controllers to be deploy ed on the network is a function of the following parameters: •T h e network topology . Because the NAC Controller is [...]
-
Pagina 95
Inline NAC Design Procedures Enterasys NAC Design Guide 5 -31 Figure 5-9 Layer 2 NAC Controller Redundancy For a Layer 3 NAC Controller , redundancy is achieved by implementing redundant Layer 3 NAC Controllers on adjacent, but separate networks as shown in [...]
-
Pagina 96
Inline NAC Design Procedures 5-32 Design Procedures 3. Identify Backend RADIUS Server Interaction Layer 2 NAC Controllers detect downs tream end ‐ systems via authentication: MAC, web ‐ based, or 802.1X. If we b ‐ based or 802.1X authenti cation is implemented, th[...]
-
Pagina 97
Additional Considerations Enterasys NAC Design Guide 5 -33 assessment server s to reach the end ‐ system while it is being assessed, regardless of whether the Assessing policy , Enterprise User policy , or any other policy ro le is utilized [...]
-
Pagina 98
Additional Considerations 5-34 Design Procedures[...]