Enterasys Networks 9034385 Plumbing Product User Manual


 
Chapter 3: Use Scenarios
  Scenario 1: Intelligent Wired Access Edge
    Policy-Enabled Edge
    RFC 3580 Capable Edge
    Scenario 1 Implementation
  Scenario 2: Intelligent Wireless Access Edge
    Thin Wireless Edge
    Thick Wireless Edge
    Scenario 2 Implementation
  Scenario 3: Non-intelligent Access Edge (Wired and Wireless)
    Scenario 3 Implementation
  Scenario 4: VPN Remote Access
    Scenario 4 Implementation
  Summary

Chapter 4: Design Planning
  Identify the NAC Deployment Model
  Survey the Network
    1. Identify the Intelligent Edge of the Network
    2. Evaluate Policy/VLAN and Authentication Configuration
      Case #1: No authentication method is deployed on the network.
      Case #2: Authentication methods are deployed on the network.
    3. Identify the Strategic Point for End-System Authorization
    4. Identify Network Connection Methods
      Wired LAN
      Wireless LAN
      Remote Access WAN
      Site-to-Site VPN
      Remote Access VPN
  Identify Inline or Out-of-band NAC Deployment
  Summary

Chapter 5: Design Procedures
  Procedures for Out-of-Band and Inline NAC
    1. Identify Required NetSight Applications
    2. Define Network Security Domains
      NAC Configurations
    3. Identify Required MAC and User Overrides
      MAC Overrides
      User Overrides
  Assessment Design Procedures
    1. Determine the Number of Assessment Servers
    2. Determine Assessment Server Location
    3. Identify Assessment Server Configuration
  Out-of-Band NAC Design Procedures
    1. Identify Network Authentication Configuration
    2. Determine the Number of NAC Gateways
    3. Determine NAC Gateway Location
    4. Identify Backend RADIUS Server Interaction
    5. Determine End-System Mobility Restrictions
    6. VLAN Configuration
    7. Policy Role Configuration
    8. Define NAC Access Policies
      Failsafe Policy and Accept Policy Configuration
      Assessment Policy and Quarantine Policy Configuration