Enterasys Networks 9034385 Plumbing Product User Manual


 
NAC Solution Components
This section discusses the required and optional components of the Enterasys NAC solution,
beginning with the following table that summarizes the component requirements for each of the
four deployment models.
The NAC Appliance
The NAC appliance is a core component of the Enterasys NAC solution and is required for all
NAC deployment models. It provides the ability to detect, authenticate, and effect the
authorization of end devices attempting to connect to the network. It also integrates with or
connects to assessment services to determine the security posture of end systems connecting to
the network. Once authentication and assessment are complete, the NAC appliance effects the
authorization of devices on the network by allocating the appropriate network resources to the
end system based on authentication and/or assessment results.

If authentication fails and/or the assessment results indicate a noncompliant end system, the NAC
appliance can deny the end system access to the network, quarantine the end system with a
highly restrictive set of network resources, or permit network access, depending on the appliance's
configuration.

The NAC appliance also provides the remediation functionality by means of a Remediation Web
Server that runs on the appliance. Remediation informs end users when their end systems have
been quarantined due to network security policy noncompliance, and allows end users to safely
remediate their end systems without assistance from IT operations.

Table 1-1 Component Requirements for NAC Deployment Models

NAC Component                    Model 1          Model 2          Model 3               Model 4
                                 Detection and    Authorization    Authorization with    Authorization with
                                 Tracking                          Assessment            Assessment and
                                                                                         Remediation
NAC Appliance                    Required         Required         Required              Required
NetSight NAC Manager             Required         Required         Required              Required
NetSight Console                 Required         Required         Required              Required
Assessment Server                Optional         Optional         Required              Required
RADIUS Server (1)                Optional         Optional         Optional              Optional
NetSight Policy Manager (2)      Optional         Optional         Optional              Optional
NetSight Inventory Manager (3)   Optional         Optional         Optional              Optional

1. A RADIUS server is only required if out-of-band NAC is implemented with the NAC Gateway, and
802.1X or web-based authentication is deployed on the network.
2. NetSight Policy Manager is required for inline NAC deployments. NetSight Policy Manager is
suggested if Enterasys policy-capable switches are deployed on the network and utilized as the
traffic enforcement or authorization point for connecting devices. Policy Manager allows the
centralized definition and deployment of policies to Enterasys switches for the consistency and
ease of management of the authorization levels for connecting end-systems.
3. NetSight Inventory Manager is suggested if Enterasys switches are deployed on the network for
ease of firmware and configuration management across the enterprise.