Enterasys Networks 9034385 Plumbing Product User Manual


 
Out-of-Band NAC Design Procedures
Enterasys NAC Design Guide 5-25
previously specified in the NAC configuration must be defined in NetSight Policy Manager to ensure the consistent allocation of network resources to connecting end-systems.
Failsafe Policy and Accept Policy Configuration
The Failsafe Policy is assigned to end-systems when an error occurs in the NAC process. An error state results if the end-system's IP address could not be determined from its MAC address, or if there was an assessment error and an assessment of the end-system could not take place.
For Enterasys policy-enabled switches, a corresponding policy role (created in Policy Manager) should allocate a non-restrictive set of network resources to the connecting end-system so it can continue its connectivity on the network, even though an error occurred in the NAC process.
The Accept Policy is assigned to an end-system when it has been authorized locally by the NAC Gateway and when an end-system has passed an assessment (if an assessment was required), or if the Accept Policy has been configured to replace the Filter-ID information returned in the RADIUS authentication messages.
For Enterasys policy-enabled switches, a corresponding policy role (created in Policy Manager) would allocate the appropriate set of network resources for the end-system depending on their role in the enterprise. For example, you might associate the Accept Policy to the "Enterprise User" role that is defined in the NetSight Policy Manager demo.pmd file.
Assessment Policy and Quarantine Policy Configuration
The Assessment Policy and Quarantine Policy are used when end-system assessment is implemented in the NAC deployment. The policy roles shown in the Policy Manager window below correspond to the access policies used in NAC Manager. For example, the Assessing Policy role in Policy Manager corresponds to the Assessment Policy in NAC Manager. Note that the Administrator, Enterprise User, Enterprise Access, and Guest Access policy roles are also defined in the Policy Manager demo.pmd file.