Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Model 4: End-System Authorization with Assessment and Remediation

Enterasys NAC Design Guide 2-15

trafficwithspecificsourceanddestinationcharacteristicsaswellasspecificapplication

identifiers(UDP/TCPports).Inaddition,theEnterasysNACsolutionwillsupportan

unlimitednumberofdifferentquarantinepolicyroles,whichmeansthatthesolutioncan

supportvaryingdegreesofnetworkusagerestrictionsdependingupontheseverityofthe

non

‐complianceorsecuritybreach.ThisisdifferentfrommanyotherNACsolutionsthatonly

offeraVLAN“parkinglot”forend‐systemsthatneedtobequarantined.

Required and Optional Components

ThissectionsummarizestherequiredandoptionalcomponentsforModel4.

.

TheNACGatewayandNACControlleraretheNACappliancesusedtoimplementtheout‐of‐

bandandinlinenetworkaccesscontrolfunctionalityonthenetwork.

NetSightNACManageristhesoftwareapplicationusedtocentrallymanagetheNACappliances

deployedonthenetwork.

NetSightConsoleisthesoftwareapplicationusedto

monitorthehealthandstatusof

infrastructuredevicesinthenetwork,includingswitches,routers,andEnterasysNACappliances

(NACGatewaysandNACControllers).

Assessmentfunctionalityisrequiredbecauseinthisdeploymentmodel,connectingend‐systems

arebeingassessedforsecurityposturecompliance.

ARADIUSserverisonlyrequiredifout‐of‐

bandnetworkaccesscontrolviatheNACGatewayis

implementedwithweb‐basedand/or802.1Xauthentication.

NetSightPolicyManagerisrequiredforallinlineNACdeployments,andrecommendedforout‐

of‐bandNACdeploymentsthatutilizeEnterasyspolicy‐capableswitches.PolicyManager

providestheabilitytocentrallydefineandconfigurethe

authorizationlevelsorpolicies.

NetSightInventoryManagerisanoptionalcomponent,providingcomprehensivenetwork

inventoryandchangemanagementcapabilities.

Table 2-4 Component Requirements for Authorization with Assessment and Remediation

Component

Authorization with

Assessment and

Remediation

NAC Appliance Required

NetSight NAC Manager Required

NetSight Console Required

Assessment Service Required

RADIUS Server Optional

NetSight Policy Manager Optional

NetSight Inventory Manager Optional

previous next