Enterasys Networks 9034385 инструкция обслуживания
- Просмотреть online или скачать инструкцию
- 98 страниц
- 2.28 mb
Идти на страницу of
Похожие руководства по эксплуатации
-
Computer Hardware
Enterasys Networks DFE-256MB-UGK
5 страниц 0.25 mb -
Network Router
Enterasys Networks RBT-1002-EU
56 страниц 0.53 mb -
Network Card
Enterasys Networks BL-69108ENT
36 страниц 0.51 mb -
Switch
Enterasys Networks TRPZ-MP-372-CN
28 страниц 0.48 mb -
Network Router
Enterasys Networks E9.1.7.0
31 страниц 0.35 mb -
Switch
Enterasys Networks G3G170-24
59 страниц 2.15 mb -
Switch
Enterasys Networks C2G124-48P
82 страниц 1.52 mb -
Switch
Enterasys Networks TRPZ-MP-422
28 страниц 0.48 mb
Хорошее руководство по эксплуатации
Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации Enterasys Networks 9034385. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции Enterasys Networks 9034385 или обучающее видео для пользователей. Условием остается четкая и понятная форма.
Что такое руководство?
Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции Enterasys Networks 9034385 можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.
К сожалению немного пользователей находит время для чтения инструкций Enterasys Networks 9034385, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.
Из чего должно состоять идеальное руководство по эксплуатации?
Прежде всего в инструкции Enterasys Networks 9034385 должна находится:
- информация относительно технических данных устройства Enterasys Networks 9034385
- название производителя и год производства оборудования Enterasys Networks 9034385
- правила обслуживания, настройки и ухода за оборудованием Enterasys Networks 9034385
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам
Почему мы не читаем инструкций?
Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск Enterasys Networks 9034385 это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок Enterasys Networks 9034385 и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта Enterasys Networks, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания Enterasys Networks 9034385, как это часто бывает в случае бумажной версии.
Почему стоит читать инструкции?
Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства Enterasys Networks 9034385, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.
После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции Enterasys Networks 9034385. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.
Содержание руководства
-
Страница 1
Enterasys ® Network Access Control Design Guide P/N 9034385[...]
-
Страница 2
[...]
-
Страница 3
i Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web si te without prior notice. The reader should in all cases co nsult Enterasys Netw orks [...]
-
Страница 4
ii[...]
-
Страница 5
iii Contents About This Guide Intended Audience .......... ............. ................. ............ ................. ............. ................ ........... .................. ............. vii Related Documents ............... ............. ................ ............. ................ ............. ................ ....... ............ [...]
-
Страница 6
iv Chapter 3: Use Scenarios Scenario 1: Intelligent Wired Access E dge ............ ............. ................ ................ ............. ............... ..... ........... 3-1 Policy-Enabled Edge ................. ... ............. ............. ................ ............. ............. ............. ...... ................... .. 3-2 RFC[...]
-
Страница 7
v Unregistered Policy ................... ............. ............. ................ ............. ................ ............. ..... .............. 5-28 Inline NAC Design Procedures ........................... ............. ................ ................ ............. ............. .......... ......... 5-28 1. Determine NAC Contro ller Loca[...]
-
Страница 8
vi[...]
-
Страница 9
Enterasys NAC Design Gu ide vii About This Guide The NAC Design Guide describes the technical considerations for the planning and design of the Enterasys Netw ork Access Contr ol (NAC) solution. The guide includes the following information: Inten[...]
-
Страница 10
Getting Help viii About This Guide •E n t e r a s y s NA C Manager Online Help. Explains how to use NAC Manager to configure you r NAC appliances, and to put in place authenti cation and assessment requirements for the end ‐ systems a[...]
-
Страница 11
Enterasys NAC Design Guide 1-1 1 Overview This chapter provides an overview of the Enterasys Network Access Control (NAC) solution, including a descripti on of key NAC functions and deployment models. It also introd uces the required and [...]
-
Страница 12
NAC Solution Overview 1-2 Overview Assessment Determine if th e device complies with corporate security and configuration requirements, such as operating system patch revision levels and anti virus signature definitions. Other security compliance req[...]
-
Страница 13
NAC Solution Overview Enterasys NAC Design Guide 1-3 Model 1: End-system Detection and T racking This NAC deployment model implements the detection piece of NAC functionality . It supports the ability to track users and end ‐ sys tems over time by identify[...]
-
Страница 14
NAC Solution Components 1-4 Overview NAC Solution Component s This section discusses the required and optional components of the Enterasys NAC solution, beginning with the following table that summarizes the component requirements for each of the[...]
-
Страница 15
NAC Solution Components Enterasys NAC Design Guide 1-5 Enterasys offers two types of NA C appliances: the NAC Gatew ay appliance implements out ‐ of ‐ band network access control, and the NAC Controller appliance implements inline network access [...]
-
Страница 16
NAC Solution Components 1-6 Overview of supporting authentication and/or authorization. The NAC Controller is also required in IPSec and SSL VPN deployments. The NAC Controller provides integrated vulnerability assessment serv er functionality an[...]
-
Страница 17
NAC Solution Components Enterasys NAC Design Guide 1-7 Appliance Comp arison The following table compares how the two NA C appliance types implement the five NAC functions. T able 1-2 Comp arison of Appliance Funct ionality NAC Function NAC Gateway NAC Controller Detection RADIUS authenticatio[...]
-
Страница 18
NAC Solution Components 1-8 Overview Ta b l e 1 ‐ 3 outlines the adv antages and disadv antages of the tw o appliance types as they pertain to network securi ty , scalabilit y , and configuration/implementation. T able 1-3 Comp arison of Appliance Adva ntag es and Disadva[...]
-
Страница 19
NAC Solution Components Enterasys NAC Design Guide 1-9 NetSight Management The NAC appliances are configured, monit ored, and managed through management applications within the Enterasys NetSight Suite. Net Sight is a family of products comprised of NetS[...]
-
Страница 20
Summary 1-10 Overview NetSight Console NetSight Console is used to monitor the health and status of infrastructure devices in the netw ork, including switches, routers, Enterasys NAC appliances (NAC Gatew ays and NAC Controllers) as wel l[...]
-
Страница 21
Summary Enterasys NAC Design Guide 1 -11 •M o d e l 3: End ‐ Syst em Authorization with Assessment ‐ Implements detection , authentication , assessment , and authorization to provide network access control based on the security posture of a conne[...]
-
Страница 22
Summary 1-12 Overview[...]
-
Страница 23
Enterasys NAC Design Guide 2-1 2 NAC Deployment Models This chapter descri bes the four NAC deployment models and how they build on each other to provide a complete NAC solution. The first model imple ments a subset of the fiv e k[...]
-
Страница 24
Model 1: End-System Detection and Tracking 2-2 NAC Deployment Models RADIUS Access ‐ Accept or Access ‐ Reject message received from the upstream RADIUS server , is returned without modification to the access edge switch, to permit end ‐ system access [...]
-
Страница 25
Model 2: End-System Authorization Enterasys NAC Design Guide 2-3 and information on the network. Enteras ys NAC can be leveraged to provide information to SIM solutions, by mapping an IP address to an identity , such as a MAC address [...]
-
Страница 26
Model 2: End-System Authorization 2-4 NAC Deployment Models device ide ntity , us er identity , and/or location information is used to authorize the connecting end ‐ system with a certain level of netw ork access. It is important to note that ?[...]
-
Страница 27
Model 2: End-System Authorization Enterasys NAC Design Guide 2-5 The NAC Controller may eithe r deny the end ‐ system access to the network or assign the end ‐ system to a particular set of networ k reso urces by specifying a particular p[...]
-
Страница 28
Model 2: End-System Authorization 2-6 NAC Deployment Models is only provisioned by the Enterasys NAC sol ution when the devices connect to switches in the Network Operations Center (NOC). This level of granularity in provisioning access to ?[...]
-
Страница 29
Model 2: End-System Authorization Enterasys NAC Design Guide 2-7 a password in the registration web page. This sponsor username and passw ord can be va l i d a te d against an existing database on the netw ork to authenticate the sponsor ʹ s ide[...]
-
Страница 30
Model 3: End-System Authorization with Assessment 2-8 NAC Deployment Models A RADIUS serv er is only required if out ‐ of ‐ band netw ork access control using the NAC Gatewa y , or inline netw ork access control using the Layer 2 NAC Co ntroller [...]
-
Страница 31
Model 3: End-System Authorization with Assessment Enterasys NAC Design Guide 2-9 server is running or if the HTTP server is out ‐ of ‐ date) and client ‐ side checks (run ning applications, softw are configurations, instal led operating system patches) provide[...]
-
Страница 32
Model 3: End-System Authorization with Assessment 2-10 NAC Deployment Models Features and V alue In addition to the features and val u e s found in Model 1 and Model 2, the following are key pieces of functionality and va lu e propositions supported [...]
-
Страница 33
Model 3: End-System Authorization with Assessment Enterasys NAC Design Guide 2 -11 •A p p l i c a t i o n configuration The NAC solution can determine which services and applications are installed and enabled on the end ‐ system. Certain applications should be r[...]
-
Страница 34
Model 4: End-System Authorization with Assessment and Remediation 2-12 NAC Deployment Models Required and Optional Component s This section summarizes the required and optional components for Mod el 3. . The NAC Gatew ay and NAC Controller are the NAC appliances used ?[...]
-
Страница 35
Model 4: End-System Authorization with Assessment and Reme diation Enterasys NAC Design Guide 2 -13 Assisted remediation informs end users when their end ‐ systems have been quarantin ed due to network securi ty policy non ‐ compliance, and allows end users to ?[...]
-
Страница 36
Model 4: End-System Authorization with Assessment and Remediation 2-14 NAC Deployment Models Inline NAC For inline Enterasys NAC deployments utilizing the Lay er 2 or Layer 3 NAC Controller , the NAC functions are implemented in the following way : Detection [...]
-
Страница 37
Model 4: End-System Authorization with Assessment and Reme diation Enterasys NAC Design Guide 2 -15 traffic with specific source and destination cha racteristics as well as specific app lication identifiers (UDP/TCP ports). In addi tion, the Enterasys NAC solution w[...]
-
Страница 38
Summary 2-16 NAC Deployment Models Summary Enterasys supports all of the five key NAC functions: detection, authentication, assessment, authorization, and remediation. Howev er , not all fiv e functions need to be implemented concurrently in a ?[...]
-
Страница 39
Enterasys NAC Design Guide 3-1 3 Use Scenarios This chapter describes four NAC use scenarios that illustrate how the type of NAC deployment is directly dependent on the infrastructure devices deployed in the netw ork. For some network [...]
-
Страница 40
Scenario 1: Intelligent Wired Access Edge 3-2 Use Scenarios within the same Quarantine VLAN because the authorization point is usually implemented at the exit point of the VLAN via Access Control Lists (ACL s). Policy-Enabled Edge The fol lowing figu[...]
-
Страница 41
Scenario 1: Intelligent Wired Access Edge Enterasys NAC Design Guide 3-3 RFC 3580 Cap able Edge In this figure the NAC Gatew ay and the other Enterasys NAC components provide network access control for a network with third ‐ party switches that support [...]
-
Страница 42
Scenario 1: Intelligent Wired Access Edge 3-4 Use Scenarios Scenario 1 Implementation In the intelligent wi red edge use scenario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem connects to th[...]
-
Страница 43
Scenario 2: Intelligent Wireless Access Edge Enterasys NAC Design Guide 3-5 intellig ent edge on the network. The Mat rix N ‐ series switch is capable of authenticating and authorizing multiple devices connected to a single port for a vari e t y of[...]
-
Страница 44
Scenario 2: Intelligent Wireless Access Edge 3-6 Use Scenarios Figure 3-3 Intelligent Wirele ss Access Edge - Thin APs with W ireless Switch 1 4 3 2 Wireless Access Point 5 3 Enterasys NAC Manager Intelligent Wireless Controller (RFC 3850-compliant) NAC Gateway (out- of-band appliance) Assessment Server Authentication Server (optionally integrated [...]
-
Страница 45
Scenario 2: Intelligent Wireless Access Edge Enterasys NAC Design Guide 3-7 Thick Wireless Edge In a thick wireless deployment, access points forward wirele ss end ‐ system traffic directly onto the wired infrastructure without the use of a wireless switch. ?[...]
-
Страница 46
Scenario 2: Intelligent Wireless Access Edge 3-8 Use Scenarios Scenario 2 Implementation In the intelligent wireless access edge use scen ario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem conne[...]
-
Страница 47
Scenario 3: Non-intelligent Access Edge (Wired and Wireless) Enterasys NAC Design Guide 3-9 It is important to note that if the wireless edge of the network is non ‐ i ntelligent and not capable of authenticating and authorizing wireless end ‐ systems, ?[...]
-
Страница 48
Scenario 3: Non-intelligent Access Edge ( Wired and Wireless) 3-10 Use Scenarios Figure 3-5 Non-intelligent Access Edge (W ired and Wireless) 2 3 3 3 4 5 1 3 Enterasys NAC Manager NAC Controller (inline appliance) Assessment Server Authentication Server (optionally integrated in NAC Controller) Role= Quarantine Layer 3 Wired LAN Role= Quarantine Ro[...]
-
Страница 49
Scenario 4: VPN Remote Access Enterasys NAC Design Guide 3 -11 Scenario 3 Implementation In the non ‐ intelligent access edge use scenario, the five NAC functions are implemented in the following manner: 1. Detection ‐ The user ʹ s end ‐ sy stem connects ?[...]
-
Страница 50
Scenario 4: VPN Remote Access 3-12 Use Scenarios Figure 3-6 VPN Remote Access Scenario 4 Implementation In the VPN remote access use scenario, the five NAC functions are implemented in the following manner with the deployment of the NAC Controller for ?[...]
-
Страница 51
Summary Enterasys NAC Design Guide 3 -13 5. Remediation ‐ When the quarantined end user opens a web browser to any web site, its traffic is dynamically redirect ed to a Remediation web page that describes the compliance violation[...]
-
Страница 52
Summary 3-14 Use Scenarios Scenario 4: VPN remote access Summary: VPN concentrators act as a termination point for remote access VPN tunn els into the enterprise network. Appliance Requirement: NAC Contr oller Inline net work access control is implem ented by deploying the NAC Controller appliance to locally authorize connecting end-systems. T able[...]
-
Страница 53
Enterasys NAC Design Guide 4-1 4 Design Planning This chapter descri bes the steps yo u should take as yo u begin planning yo ur NAC deployment. The first step is to identify the deployment model that best meets you r business objecti[...]
-
Страница 54
Survey the Network 4-2 Design Planning access to a web browser to safely remediate their quarantined end ‐ syst em without impacting IT operations. Once a deployment model is se lected, the current network infrastructure must be examined to[...]
-
Страница 55
Survey the Network Enterasys NAC Design Guide 4-3 The network shown in Figure 4 ‐ 1 below , illustrates the following three examples of how the intellig ent edge can be implemented in a networ k. • Policy ‐ enabled Enterasys devices at the [...]
-
Страница 56
Survey the Network 4-4 Design Planning For the inline implementation of the Enterasys NAC solution, the NAC Controller authenticates and authorizes end ‐ systems locally on the appliance, and does not rely on the capabilities of downstr[...]
-
Страница 57
Survey the Network Enterasys NAC Design Guide 4-5 to locally authorize all MAC authentication reque sts for connecting end ‐ systems, thereby not requiring a li st of known MAC addre sses. In fact, Enterasys NAC can be configur ed in a [...]
-
Страница 58
Survey the Network 4-6 Design Planning Similar to 802.1X, web ‐ based authentication requires the input of credentials and is normally use d on user ‐ centric end ‐ systems that hav e a concept of an associated user , such as a PC. [...]
-
Страница 59
Survey the Network Enterasys NAC Design Guide 4-7 system at a time, then it is sugg ested that MAC locking (also known as Po r t Secu rity) be enabled on the edge switches to restrict the number of connecting devi ces. If multiple[...]
-
Страница 60
Survey the Network 4-8 Design Planning authenticated to the netw ork and interact with Enter asys NAC for authenticati on, assessment, authorization, and remediation. Note how ever , that this configuration may not be possible if trusted users ?[...]
-
Страница 61
Survey the Network Enterasys NAC Design Guide 4-9 If the network infrastructure does not contain intelligent devices at the edg e or distributi on layer , then inline NAC using the NAC Controller as the authorization point for connecting [...]
-
Страница 62
Survey the Network 4-10 Design Planning this case, the thick AP deployment falls into the category of non ‐ intelligent ed ge devices with the same NAC implementations as a non ‐ intelligent wired edge. These non ‐ intelligent APs must [...]
-
Страница 63
Identify Inline or Out-of-band NAC Dep loyment Enterasys NAC Design Guide 4 -11 Remote Access VPN In many enterprise environments, a VPN concentrator located at the main site connects to the Internet to provide VPN access to remote users. In this sce[...]
-
Страница 64
Summary 4-12 Design Planning server . In addi tion, NAC can also be configured to locally authorize MA C authentication requests. 3. Identify the strategic point in the network where end ‐ system authorization should be implemented. The mos[...]
-
Страница 65
Enterasys NAC Design Guide 5-1 5 Design Procedures This chapter descri bes the design procedures for Enterasys NAC deployment on an ente rprise network. The first section discusses procedures for both out ‐ of ‐ band and inline NAC deployments. ?[...]
-
Страница 66
Procedures for Out-of-Band and Inline NAC 5-2 Design Procedures Po l i c y Manager is not required for out ‐ of ‐ band NAC that utilizes RFC 3580 ‐ compliant switches (Enterasys and third ‐ party switches). In this case, a VLAN is specified in ?[...]
-
Страница 67
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-3 Figure 5-1 Se curity Domain NAC Configurations Each Security Domain has a default “NAC configuration” that defines the authentication, assessment, and authorization parameters for all end ‐ systems ?[...]
-
Страница 68
Procedures for Out-of-Band and Inline NAC 5-4 Design Procedures Figure 5-2 NAC Configuration Authentication The Authenticati on settings define how RADIUS requests are handled for au thenticating end ‐ systems (this does not apply to Layer 3 NAC Controllers.) This[...]
-
Страница 69
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-5 •H o w health results are processed. When an assessment is performed on an end ‐ syste m, a “health result” is generated. For each health result, there may be sev eral ?[...]
-
Страница 70
Procedures for Out-of-Band and Inline NAC 5-6 Design Procedures The following figure shows the NAC Manager window used to create or edit a NAC Configuration and defi ne its authentication, assessment, and a uthorization attributes. Figure 5-3 NAC Configurati[...]
-
Страница 71
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-7 The following table provides examples of var i o u s network scenarios that should be considered when identifyi ng the number and configuration of Sec urity Domains in your NAC [...]
-
Страница 72
Procedures for Out-of-Band and Inline NAC 5-8 Design Procedures Area of the network that provides access to a group of users or devices that pose a potentiall y high risk to the security or stability of the network. • Switches that provide access to guest users or contractors on a corporate network. These users are usually not directly unde r the[...]
-
Страница 73
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5-9 Area of the network that is configured to allow access only to specific end-systems or users. • Switches that provide access to only pre-configured end-systems and users in highly controlled environments, such as industrial automation networks. For the NAC Gateway , reject a[...]
-
Страница 74
Procedures for Out-of-Band and Inline NAC 5-10 Design Procedures The following table provides network scenarios from an as sessment standpoint that should be taken into account when identifying the number and configuration of Security Domains. T able 5-2[...]
-
Страница 75
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -11 Area of the network, or a group of end-systems or users, that require assessment with immediate network access. • Switches that provide network acce ss to mission critical servers, mandating uninterrupted network con nectivity while still implementing assessment. • Switc[...]
-
Страница 76
Procedures for Out-of-Band and Inline NAC 5-12 Design Procedures 3. Identify Required MAC and User Overrides MAC and user overr ides are used to handle end ‐ syste ms that require a different set of authentication, assessment, and authorization parameters from the[...]
-
Страница 77
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -13 The following figure display s the windows used for MAC and user override configura tion in NAC Manager . Notice that either an existing NAC Config uration can be used or [...]
-
Страница 78
Procedures for Out-of-Band and Inline NAC 5-14 Design Procedures The following table describes scenarios where a MAC ov erride may be configured for a particular end ‐ system. T able 5-3 MAC Override Configuratio n Guidelines Network Scenario Examples Security Domain Config uration A dev[...]
-
Страница 79
Procedures for Out-of-Band and Inline NAC Enterasys NAC Design Guide 5 -15 A device or class of devices needs to be restricted network access (“blacklisted”) in a particular Security Domain or in all Security Domains. Denying access or quarantining the MAC addresses of laptops used b y guests or contractors in those areas of the network designa[...]
-
Страница 80
Procedures for Out-of-Band and Inline NAC 5-16 Design Procedures User Overrides A user ov erride lets you create a configuration for a specific end user , based on the user name. For example, you could create a user override that gives a [...]
-
Страница 81
Assessment Design Procedures Enterasys NAC Design Guide 5 -17 Manager will not match this end ‐ system and the end ‐ sy stem is assigned the Security Domain’ s default NAC config uration. In addition, the Layer 3 NAC Controller is not able [...]
-
Страница 82
Assessment Design Procedures 5-18 Design Procedures 2. Determine Assessm ent Server Location When determining the location of the assessme nt servers on th e network, the following factors should be considered: •T h e type of assessment: agent ‐ less or agen[...]
-
Страница 83
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -19 configuration if the security vul nerability is considered a risk for the organization. For more information on Nessus, ref er to http://nessus.org/ . Out-of-Band NAC Design Procedures The following [...]
-
Страница 84
Out-of-Band NAC Design Procedures 5-20 Design Procedures 2. Determine the Number of NAC Gateways The number of NAC Gatew ays to be depl oyed on the netw ork is a function of the following parameters: •T h e number of Security Domains configured on th e[...]
-
Страница 85
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -21 Figure 5-5 NAC Gateway Redund ancy It is important that the secondary NAC Gatew ay does not exceed maximum capacity if the primary NAC Gatew ay fails on the network. For example, let’ s[...]
-
Страница 86
Out-of-Band NAC Design Procedures 5-22 Design Procedures primary NAC Gatew ay , the transition to the secondary NAC Gateway wi ll not exceed maximum capacity . To support redundancy within a Security Domain for either approach, one additional [...]
-
Страница 87
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -23 It is important to not e that only the NAC Gateways that are configured with remediation and registration functionality need to be positioned in such a manner . All other [...]
-
Страница 88
Out-of-Band NAC Design Procedures 5-24 Design Procedures 6. VLAN Configuration This step is for NA C deployments tha t use RFC ‐ 3580 ‐ compliant switches in the intelligent edge of the network to impl ement dynamic VLAN assignment of connecting devi[...]
-
Страница 89
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -25 previously specified in the NAC configuration must be def ined in NetSight Pol i c y Manager to ensure the consistent allocation of network resources to co nnecting end ‐ systems. Failsafe [...]
-
Страница 90
Out-of-Band NAC Design Procedures 5-26 Design Procedures Figure 5-6 Policy Role Configuration in NetSig ht Policy Manager Assessment Policy The Assessment Pol ic y ma y be used to temporarily allocate a set of netw ork resources to end ‐ systems while they are being a[...]
-
Страница 91
Out-of-Band NAC Design Procedures Enterasys NAC Design Guide 5 -27 Figure 5-7 Service for the Assessing Role Note that it is not mandatory to assign the Assessment Pol i cy to a connecting end ‐ system while it is being assessed. NAC can be configured [...]
-
Страница 92
Inline NAC Design Procedures 5-28 Design Procedures Figure 5-8 Service for the Quarantine Role Furthermore, the Quarantine Po l i c y and other network infrastructure devices must be configured to implement HTTP traffic redirection for quaranti ned end ‐ systems to ?[...]
-
Страница 93
Inline NAC Design Procedures Enterasys NAC Design Guide 5 -29 Howeve r , the closer the NAC Controller is placed to the edge of the network, the more NAC Controllers are required on the netw ork, increasing NAC deployment cost and complex[...]
-
Страница 94
Inline NAC Design Procedures 5-30 Design Procedures 2. Determine the Numb er of NAC Controllers The number of NAC Controllers to be deploy ed on the network is a function of the following parameters: •T h e network topology . Because the NAC Controller is [...]
-
Страница 95
Inline NAC Design Procedures Enterasys NAC Design Guide 5 -31 Figure 5-9 Layer 2 NAC Controller Redundancy For a Layer 3 NAC Controller , redundancy is achieved by implementing redundant Layer 3 NAC Controllers on adjacent, but separate networks as shown in [...]
-
Страница 96
Inline NAC Design Procedures 5-32 Design Procedures 3. Identify Backend RADIUS Server Interaction Layer 2 NAC Controllers detect downs tream end ‐ systems via authentication: MAC, web ‐ based, or 802.1X. If we b ‐ based or 802.1X authenti cation is implemented, th[...]
-
Страница 97
Additional Considerations Enterasys NAC Design Guide 5 -33 assessment server s to reach the end ‐ system while it is being assessed, regardless of whether the Assessing policy , Enterprise User policy , or any other policy ro le is utilized [...]
-
Страница 98
Additional Considerations 5-34 Design Procedures[...]