Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

NAC Solution Components

1-6 Overview

ofsupportingauthenticationand/orauthorization.TheNACControllerisalsorequiredinIPSec

andSSLVPNdeployments.

TheNACControllerprovidesintegratedvulnerabilityassessmentserverfunctionalityand

supportsbothagent‐less(network‐based)andagent‐basedassessment.(Aseparatelicenseis

requiredforintegratedassessment.)Italsosupportstheabilityto

connecttomultipleexternal

assessmentserversincludingNessusandLockdownEnforcer.

TheNACControllercanbeconfiguredinoneoftwomodesofoperation:Layer2orLayer3.The

modeofoperationcontrolshowconnectingend‐systemsaredetectedbytheNACControlleron

thenetworkandisselectedbased

onwheretheNACControllerispositionedinthenetworkin

relationtotheseend‐systems.IftheNACControllerispositionedbeforethefirstroutedboundary

forconnectingend‐systems,closertotheaccessedgeofthenetwork,theLayer2NACController

modeisutilized.Inthismode

ofoperation,theNACControllerdetectsconnectingend‐systems

onthenetworkbyreceivingtrafficfromanewMACaddress.IftheNACControllerispositioned

afterthefirstroutedboundarydeeperinsidethenetwork,theLayer3NACControllermodeis

utilized.Inthismodeofoperation,theNACController

detectsconnectingend‐systemsonthe

networkbyreceivingtrafficfromanewIPaddress.WiththeNACControllersupportingboth

Layer2andLayer3modesofoperation,theNACControllercanbestrategicallypositionedinthe

networktopologytoachievethedesiredlevelofscalabilityandsecurity.

TheNAC

Controllerisavailableintwomodels:

•2S4082‐25‐SYS‐24‐Port10/100/1000NACControllersupportsupto2000concurrentend‐

systems.

• 7S4280‐19‐SYS‐18‐PortSFPNACControllersupportsupto2000concurrentend‐systems.

previous next