Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Procedures for Out-of-Band and Inline NAC

5-12 Design Procedures

3. Identify Required MAC and User Overrides

MACanduseroverridesareusedtohandleend‐systemsthatrequireadifferentsetof

authentication,assessment,andauthorizationparametersfromtherestoftheend‐systemsina

SecurityDomain.AMACoruseroverridecanbedefinedwithinthescopeofaspecificSecurity

DomainorallSecurity

Domains.AnoverridescopedtoaspecificSecurityDomainletsyou

specifyhowanend‐systemisauthenticated,assessed,andauthorizedwhenevertheend‐system

connectstothenetworkinthatparticularSecurityDomain.Aglobaloverrideletsyouspecifyhow

anend‐systemisauthenticated,assessed,andauthorizedwhenever

theend‐sy stemconnectsto

anySecurityDomainonthenetwork.

UsethenetworkscenariosandexamplesprovidedinthissectiontodeterminewhatMACand

useroverridesarerequiredforyourNACdeployment.

MAC Overrides

AMACoverrideletsyoucreateaconfigurationforasingleend‐system(basedonafullMAC

address)orforagroupofend‐systems(basedonaMACOUI,aMACOUIGrouporaCustom

MACMask).Forexample,youcouldcreateaMACoverridethatallocatesVoIP

servicestocertain

IPphonesbasedonaMACOUIgroup.Or,youcoulddenyaspecificend‐systembycreatinga

MACoverridethatquarantinestheMACaddressofthatend‐systemandrestrictsitsnetwork

access.

previous next