Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Procedures for Out-of-Band and Inline NAC

5-2 Design Procedures

PolicyManagerisnotrequiredforout‐of‐bandNACthatutilizesRFC3580‐compliantswitches

(Enterasysandthird‐partyswitches).Inthiscase,aVLANisspecifiedinNACManagerto

authorizeconnectingend‐systemswithaparticularlevelofnetworkaccess,usingdynamicVLAN

assignment.

RefertotheEnterasys

Networkswebsitehttp://www.enterasys.com/products/management/

downloads/NetSight.htmlforNetSightsoftwarelicensinganddownloadinformation.

2. Define Network Security Domains

AdifferentSecurityDomainshouldbedefinedforeachareaofthenetworkthathasitsown

uniquerequirementsforend‐systemauthentication,assessment,andauthorization.

ASecurityDomaindefinesasetofNACGatewaysandNACControllersthathavecommon

authentication,assessment,andauthorizationrequirementsforend‐systemsconnectingto

the

network.ForNACGateways,thedomainalsoincludestheassociatedswitchesthatareuniquely

assignedtothegateways.

ASecurityDomaincanbecomposedofbothNACControllerandNACGatewayappliances.Each

NACGatewaycanonlybeassignedtooneSecurityDomainandthereforeallportsonaparticular

switch(forexample,astackofSecureStackC2switchesoraMatrixN7chassis)canonlybe

associatedtooneSecurityDomain.Likewise,aNACControllercanonlybeassignedtoone

SecurityDomain.

previous next