Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Enterasys NAC Design Guide 4-1

4

Design Planning

ThischapterdescribesthestepsyoushouldtakeasyoubeginplanningyourNACdeployment.

Thefirststepistoidentifythedeploymentmodelthatbestmeetsyourbusinessobjectives.Then,

thecurrentnetworkinfrastructuremustbeevaluatedinordertodetermineNACcomponent

requirements.Basedonthisevaluation,youwill

beabletodecidewhethertodeployinlineorout‐

of‐bandnetworkaccesscontrol.

Identify the NAC Deployment Model

WhenplanningyourNACdeployment,thefirststepistoidentifytheNACdeploymentmodel,or

aphasedimplementationofmultipledeploymentmodels,thatmeetsyourNACbusiness

objectives.Thefourdeploymentmodelsaresummarizedbelow.Formoreindepthinformationon

eachmodel,seeChapter 2,NACDeploymentModels.

•Model

#1:End‐SystemDetectionandTracking

EnterasysNACdetectsdevicesastheyconnecttothenetwork,identifyingthelocation,MAC

address,IPaddress,andusernameofthepersonusingtheend‐system.Thisinformationis

maintainedovertimeforeachdeviceonthenetwork,yieldingcompletehistoricalinformation

aboutadevice

asitinteractswiththenetwork.

•Model#2:End‐SystemAuthorization

EnterasysNACdetects,authenticates,andauthorizesconnectingend‐systems,tocontrol

accesstonetworkresourcesbasedonlocationaswellasuserandend‐systemidentity.

•Model#3:End‐SystemAuthorizationwithAssessment

EnterasysNACisdeployedwithend‐systemassessmentand

authorization(butwithout

remediation),tocontrolaccesstonetworkresourcesbasedonthesecuritypostureofa

connectingend‐system.Compliantend‐systemsarepermittedontothenetwork,whileend‐

systemsthatfailassessmentcanbedynamicallyquarantinedwithrestrictivenetworkaccess.

•Model#4:End‐SystemAuthorizationwithAssessmentandRemediation

Inadditiontoend‐systemassessmentandauthorization,EnterasysNACisdeployedwith

remediationtodynamicallyinformquarantinedend‐systemsofsecuritycompliance

violations.Usingweb‐basednotification,assistedremediationallowsendusersthathave

For information about... Refer to page...

Identify the NAC Deployment Model 4-1

Survey the Network 4-2

Identify Inline or Out-of-band NAC Deployment 4-11

Summary 4-11

previous next