Enterasys Networks 9034385 Plumbing Product User Manual


 
NAC Solution Components
Enterasys NAC Design Guide 1-9
NetSight Management
The NAC appliances are configured, monitored, and managed through management applications
within the Enterasys NetSight Suite. NetSight is a family of products comprised of NetSight
Console and a suite of plugin applications. Of the following NetSight applications, NetSight NAC
Manager and NetSight Console are required for all four NAC deployment models, while NetSight
Policy Manager and NetSight Inventory Manager are optional, depending on your network
configuration and the network access control features you wish to implement. Following is a
description of the NetSight applications.
NetSight NAC Manager
NetSight NAC Manager is a required core component in the Enterasys NAC solution. NAC
Manager and NAC appliances work in conjunction to implement network access control. NAC
Manager provides configurations for the assessment, authentication, authorization, and
remediation parameters for all NAC appliances (NAC Gateways and NAC Controllers) from one
centralized interface. After these configurations are enforced, the NAC appliances can detect,
authenticate, assess, authorize, and remediate end systems connecting to the network according
to those configuration specifications.
Table 1-3 Comparison of Appliance Advantages and Disadvantages (continued)

| Features | NAC Gateway | NAC Controller |
|---|---|---|
| NAC Granularity | Advantage: The NAC Gateway is always aware of the MAC address of the device connecting to the network, and its associated IP address, username, and location (switch IP address and port). Therefore, NAC can be configured to uniquely authenticate, assess, and authorize specific end-systems and users in particular locations in the network. | Disadvantage: While the Layer 2 NAC Controller knows the MAC address of the connecting end-system and can obtain the associated username, the Layer 3 NAC Controller may not have this information. Therefore, the Layer 3 NAC Controller lacks the ability to uniquely authenticate, assess, and authorize specific devices and users, and implements NAC for all connected end-systems in the same way. Furthermore, Layer 2 and Layer 3 NAC Controllers do not provide visibility down to the access layer port to which an end-system is connected, and cannot control access to the network based on switch access layer port connection. |
| Scalability | Advantage: Very scalable because little if any end-system data traffic is processed by the NAC Gateway (being out-of-band). Therefore, an increased number of end-systems are supported per NAC Gateway. | Advantage: Very scalable because hardware-based forwarding of data traffic using Enterasys-built custom ASICs is implemented to achieve multi-gigabit throughput speeds for the NAC Controller. |