Summary
4-12 Design Planning
server.Inaddition,NACcanalsobeconfiguredtolocallyauthorizeMACauthentication
requests.
3. Identifythestrategicpointinthenetworkwhereend‐systemauthorizationshouldbe
implemented.
Themostsecureplaceforimplementingauthorizationisdirectlyatthepointofconnectionat
theedgeofthenetwork,assupportedby
Enterasyspolicy‐capableswitches.Inthis
configuration,theimplementationofout‐of‐bandNACusingtheNACGatewayappliance
leveragespolicyonEnterasysswitchestosecurelyauthorizeconnectingend‐systems.
Ifthenetworkinfrastructuredoesnotcontainintelligentdevicesattheedgeordistribution
layer,theninlineNACusingtheNAC
Controllerastheauthorizationpointforconnecting
end‐systemsmustbeimplemented.
4. Identifythenetworkconnectiontypesbeingused.Thepreviousstepshavebeenconcerned
withimplementingNACfortheinternalLAN.Inthisstep,thefollowingconnectiontypesare
discussedalongwiththeirimpactontheEnterasysNACsolution.
–Wired
LAN
– WirelessLAN
–RemoteAccessWAN
–Site‐to‐SiteVPN
–RemoteAccessVPN
BasedontheNACdeploymentmodelyouselect,andtheresultsofyournetworkinfrastructure
evaluation,youwillbeabletoidentifywhetherout‐of‐bandNACorinlineNACwillbedeployed
inthedifferentareasofyournetwork.