Enterasys Networks 9034385 Plumbing Product User Manual


  Open as PDF
of 98
 
Scenario 2: Intelligent Wireless Access Edge
Enterasys NAC Design Guide 3-5
intelligentedgeonthenetwork.TheMatrixNseriesswitchiscapableofauthenticatingand
authorizingmultipledevicesconnectedtoasingleportforavarietyofnetworktopologies,
rangingfromanIPphonecascadedwithaPConasingleMatrixNseriesport,toastackofnon
intelligent
edgeswitchesuplinkedtoasingleMatrixNseriesportwhereover1000endsystems
connect.Inthisconfiguration,theMatrixNseriesactsastheintelligentedgeswitchonthe
network,althoughnotphysicallylocatedattheaccessedge.Eachindividualendsystemis
authenticatedusing802.1X,webbased,
and/orMACauthenticationandissubsequently
authorizedontheMatrixNseriesinterswitchlinktotheaccessedge.Byprovisioningaccessto
networkresourcesontheMatrixNseriesusingMUA,endsystemtrafficdestinedtoadjacent
switchesonthenetworkcanbesecurelycontainedwithpolicyattheMa trix
Nseriesport.
Scenario 2: Intelligent Wireless Access Edge
Intheintelligentwirelessaccessedgeusescenario,thickAccessPoints(APs)orwirelessswitches
withthinAPsprovideauthenticationandauthorizationforconnectingendsystems.
Forthisusescenario,theNACGatewayapplianceisdeployedforoutofbandnetworkaccess,
leveragingtheintelligentwirelessinfrastructuredevicesastheauthorization
pointforconnecting
endsystems.
Thin Wireless Edge
Inathinwirelessdeployment,wirelessswitchestunnelwirelessendsystemtraffictoandfrom
accesspointsdeployedonthenetwork.Mostthinwirelessdeploymentsarecategorizedunderthe
intelligentwirelessaccessedgeusescenariobecausethewirelessswitchesarecapableof
providingauthentication(802.1x,webbased,orMAC)andare
alsocapableofbeingan
authorizationpointeitherthroughdynamicVLANassignmentasspecifiedinRFC3580or
applicationofuserbasedACLsorpolicy.
ThefollowingfigureillustrateshowtheNACGatewayandtheotherEnterasysNACcomponents
worktogetherinathinwirelessdeployment.
 previous next