Enterasys Networks 9034385 Plumbing Product User Manual


 
Unregistered Policy
Inline NAC Design Procedures
1. Determine NAC Controller Location
2. Determine the Number of NAC Controllers
3. Identify Backend RADIUS Server Interaction
4. Define Policy Configuration
Failsafe Policy and Accept Policy Configuration
Assessment Policy and Quarantine Policy Configuration
Unregistered Policy
Additional Considerations
NAC Deployment With an Intrusion Detection System (IDS)
NAC Deployment With NetSight ASM
Figures
3-1 Intelligent Wired Access Edge with Enterasys Policy-Enabled Devices
3-2 Intelligent Wired Access Edge with RFC 3580 Capable Devices
3-3 Intelligent Wireless Access Edge - Thin APs with Wireless Switch
3-4 Intelligent Wireless Access Edge - Intelligent AP (RFC 3580 Compliant)
3-5 Non-intelligent Access Edge (Wired and Wireless)
3-6 VPN Remote Access
4-1 Network with Intelligent Edge
4-2 Network with Non-Intelligent Edge
5-1 Security Domain
5-2 NAC Configuration
5-3 NAC Configuration for a Security Domain
5-4 MAC and User Override Configuration
5-5 NAC Gateway Redundancy
5-6 Policy Role Configuration in NetSight Policy Manager
5-7 Service for the Assessing Role
5-8 Service for the Quarantine Role
5-9 Layer 2 NAC Controller Redundancy
5-10 Layer 3 NAC Controller Redundancy
Tables
1-1 Component Requirements for NAC Deployment Models
1-2 Comparison of Appliance Functionality
1-3 Comparison of Appliance Advantages and Disadvantages
2-1 Component Requirements for Detection and Tracking
2-2 Component Requirements for Authorization
2-3 Component Requirements for Authorization with Assessment
2-4 Component Requirements for Authorization with Assessment and Remediation
2-5 Enterasys NAC Deployment Models
3-1 Use Scenario Summaries
5-1 Security Domain Configuration Guidelines
5-2 Security Domain Configuration Guidelines for Assessment
5-3 MAC Override Configuration Guidelines
5-4 End-System Limits for NAC Gateways
5-5 End-System Limits for NAC Controllers