Model 2: End-System Authorization
Enterasys NAC Design Guide 2-3
and information on the network. Enterasys NAC can be leveraged to provide information to SIM solutions, by mapping an IP address to an identity, such as a MAC address or username and location, for a more complete representation of the attack source or target on the network. In this way, the Enterasys NAC solution further enhances the operation of existing security technologies deployed on the network.
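The IP-to-identity mapping described above is only useful to a SIM if it is resolved for the time of the event, because an address can pass from one end-system to another. The following Python code is an added example, not Enterasys code or an Enterasys export format; the session record layout, the alert fields (`src_ip`, `time`) and all sample values are constructed assumptions.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed end-system session records (hypothetical schema):
# (ip, mac, username, location, session_start, session_end); end None = still connected.
SESSIONS = [
    ("10.1.20.15", "00:11:22:aa:bb:01", "jsmith", "sw-3f-02 ge.1.14",
     "2024-03-01T08:02:00", "2024-03-01T12:30:00"),
    ("10.1.20.15", "00:11:22:aa:bb:07", "guest-4411", "ap-lobby-01",
     "2024-03-01T13:05:00", None),
    ("10.1.20.40", "00:11:22:aa:bb:09", None, "sw-2f-01 ge.2.3",
     "2024-03-01T09:00:00", "2024-03-01T17:00:00"),
]

def _ts(value):
    """Parse an ISO 8601 timestamp; None stays None (open-ended session)."""
    return datetime.fromisoformat(value) if value else None

def build_index(sessions):
    """Group sessions by IP and sort each group by start time."""
    index = {}
    for ip, mac, user, loc, start, end in sessions:
        index.setdefault(ip, []).append((_ts(start), _ts(end), mac, user, loc))
    for rows in index.values():
        rows.sort(key=lambda row: row[0])
    return index

def resolve(index, ip, when):
    """Return the identity that held `ip` at time `when`, or None if nobody did."""
    rows = index.get(ip, [])
    t = _ts(when)
    # Latest session that started at or before the event time.
    pos = bisect_right([row[0] for row in rows], t) - 1
    if pos < 0:
        return None
    start, end, mac, user, loc = rows[pos]
    if end is not None and t > end:
        return None  # address was between sessions; do not blame the previous holder
    return {"mac": mac, "username": user, "location": loc}

def enrich(index, alert):
    """Attach the time-correct source identity to a SIM alert (constructed dict)."""
    return {**alert, "src_identity": resolve(index, alert["src_ip"], alert["time"])}
```

An alert whose timestamp falls in the gap between two sessions resolves to no identity rather than to the previous holder of the address.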
Required and Optional Components
This section summarizes the required and optional components for Model 1.
The NAC Gateway and NAC Controller are the NAC appliances used to implement the out-of-band and inline network access control functionality on the network.
NetSight NAC Manager is the software application used to centrally manage the NAC appliances deployed on the network.
NetSight Console is the software application used to monitor the health and status of infrastructure devices in the network, including switches, routers, and Enterasys NAC appliances (NAC Gateways and NAC Controllers).
Assessment functionality is optional because in this deployment model, end-systems are not being assessed for security posture compliance when connecting to the network. A RADIUS server is only required if out-of-band network access control using the NAC Gateway, or inline network access control using the Layer 2 NAC Controller, is implemented with web-based and/or 802.1X authentication.
NetSight Policy Manager is not required because additional policies and authorization levels do not need to be defined for this deployment model.
NetSight Inventory Manager is an optional component, providing comprehensive network inventory and change management capabilities.
Model 2: End-System Authorization
This NAC deployment model implements the detection, authentication, and authorization of connecting end-systems, to control access to network resources based on user and end-system identity, as well as location. In Model 1, end-systems and end users are detected and tracked on the network over time. This gives IT operations visibility into what devices are connected to the network, who is using these devices, and where these devices are connected. In Model 2, the
Table 2-1 Component Requirements for Detection and Tracking

Component                     Detection and Tracking
NAC Appliance                 Required
NetSight NAC Manager          Required
NetSight Console              Required
Assessment                    Optional
RADIUS Server                 Optional
NetSight Policy Manager       Optional
NetSight Inventory Manager    Optional