Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Summary

4-12 Design Planning

server.Inaddition,NACcanalsobeconfiguredtolocallyauthorizeMACauthentication

requests.

3. Identifythestrategicpointinthenetworkwhereend‐systemauthorizationshouldbe

implemented.

Themostsecureplaceforimplementingauthorizationisdirectlyatthepointofconnectionat

theedgeofthenetwork,assupportedby

Enterasyspolicy‐capableswitches.Inthis

configuration,theimplementationofout‐of‐bandNACusingtheNACGatewayappliance

leveragespolicyonEnterasysswitchestosecurelyauthorizeconnectingend‐systems.

Ifthenetworkinfrastructuredoesnotcontainintelligentdevicesattheedgeordistribution

layer,theninlineNACusingtheNAC

Controllerastheauthorizationpointforconnecting

end‐systemsmustbeimplemented.

4. Identifythenetworkconnectiontypesbeingused.Thepreviousstepshavebeenconcerned

withimplementingNACfortheinternalLAN.Inthisstep,thefollowingconnectiontypesare

discussedalongwiththeirimpactontheEnterasysNACsolution.

–Wired

LAN

– WirelessLAN

–RemoteAccessWAN

–Site‐to‐SiteVPN

–RemoteAccessVPN

BasedontheNACdeploymentmodelyouselect,andtheresultsofyournetworkinfrastructure

evaluation,youwillbeabletoidentifywhetherout‐of‐bandNACorinlineNACwillbedeployed

inthedifferentareasofyournetwork.

previous next