Survey the Network
4-4 Design Planning
FortheinlineimplementationoftheEnterasysNACsolution,theNACControllerauthenticates
andauthorizesend‐systemslocallyontheappliance,anddoesnotrelyonthecapabilitiesof
downstreaminfrastructuredevices.Becauseofthis,theNACControllercanbeutilizedin
networkswherenon‐intelligentand/orintelligentinfrastructuredevicesexist
attheedgeofthe
network.Ifthenetworkdoesnothaveanintelligentedge,thentheNACControllermustbe
deployedinordertoprovidetheauthenticationandauthorizationcapabilitiesrequiredfor
implementingnetworkaccesscontrol,asshowninFigure 4‐2.
Figure 4-2 Network with Non-Intelligent Edge
2. Evaluate Policy/VLAN and Authentication Configuration
Foranetworkwithanintelligentedge,thesecondstepinsurveyingyournetworkistoevaluate
thenetworkauthenticationmethodcurrentlybeingused,andhowthedeploymentofEnterasys
NACwillaffectit.Anetworkwithanintelligentedgecanbeclassifiedintooneoftwocases:either
authenticationis
deployedonthenetworkoritisnot.
Case #1: No authentication method is deployed on the network.
Ifauthenticationisnotconfiguredonthenetwork,out‐of‐bandNACcanbedeployedwith
minimalconfigurationbyim plementingMACauthenticationontheintelligentedgeofthe
network(iftheedgeswitchessupportMACauthentication).TheNACGatewaycanbeconfigured
Note: This step is not necessary if in step 1 you determined that the network does not have an
intelligent edge and the inline NAC Controller appliance will be deployed to provide the
authentication and policy enforcement capabilities.