Enterasys Networks 2S4082-25-SYS manual Secure Networks Policy Support, Standards Compatibility

Page 27

Secure Networks Policy Support

Standalone or Rack Mountable Chassis

The Enterasys NAC Controller can be installed as a freestanding unit on a shelf or table. It can also be mounted into a standard 48.26‐centimeter (19‐inch) equipment rack. Refer to “Site Guidelines” on page 2‐1 for requirements on ventilation and cooling.

Secure Networks Policy Support

A fundamental concept that is key to the implementation of the Enterasys Secure Networks methodology is policy‐enabled networking. This approach provides users of the network with the resources they need ‐ in a secure fashion – while at the same time denying access to applications or protocols that are deemed inappropriate based on the user’s function within the organization. By adopting such a “user‐personalized” model, it is possible for business policies to be the guidelines in establishing the technology architecture of the enterprise. Two major objectives are achieved in this way: IT services are matched appropriately with individual users; and the network itself becomes an active participant in the organization’s security strategy. The Secure Networks architecture consists of three tiers:

Classification rules make up the first or bottom tier. The rules apply to devices in the Secure Networks environment, such as switches and routers. The rules are designed to be implemented at or near the user’s point of entry to the network. Rules may be written based on criteria defined in the Layer 2, Layer 3 or Layer 4 information of the data frame.

The middle tier is Services, which are collections of individual classification rules, grouped logically to either permit or deny access to protocols or applications based on the user’s role within the organization. Priority and bandwidth rate limiting may also be defined in services.

Roles, or behavioral profiles, make up the top tier. The roles assign services to various business functions or departments, such as executive, sales, and engineering.

To enhance security and deliver a true policy‐based infrastructure, the Enterasys Secure Networks methodology can take advantage of authentication methods, such as 802.1X, using EAP‐TLS, EAP‐TTLS, or PEAP, as well as other types of authentication. Authorization information, attached to the authentication response, determines the application of policy. Authorization information is communicated via the policy name in a RADIUS Filter‐ID attribute. An administrator can also define a role to be implemented in the absence of an authentication framework. Refer to the release notes shipped with the module for details.

Standards Compatibility

The NAC Controller PEPs are fully compliant with the IEEE 802.3‐2002, 802.3ae‐2002,

802.1D‐1998, and 802.1Q‐1998 standards. The NAC Controller PEP provides IEEE 802.1D‐1998 Spanning Tree Algorithm (STA) support to enhance the overall reliability of the network and protect against “loop” conditions.

LANVIEW Diagnostic LEDs

The NAC Controller PEP uses a built‐in visual diagnostic and status monitoring system called LANVIEW. The LANVIEW LEDs allow quick observation of the network status to aid in diagnosing network problems. “LANVIEW LEDs” on page 2‐2 for information about using the LEDs for troubleshooting.

Enterasys NAC Controller Hardware Installation Guide 1-7

Page 26 Page 28
Image 27
Page 26 Page 28
Contents Enterasys Page Page Regulatory Compliance Information Electromagnetic Compatibility EMC Supplement to Product Instructions Vcci Notice Enterasys NETWORKS, INC. Firmware License Agreement Vii Viii Contents Initializing the NAC Controller NAC Controller PEP InstallationTroubleshooting Appendix a Specifications and Regulatory ComplianceFigures IndexTables MGBIC-08 Xiv How to Use This Guide About This GuideWho Should Use This Guide For Refer to Related DocumentsCommonly Used Acronyms Typographical ConventionsGetting Help Overview IntroductionNAC Controller PEP N1-7C111 ChassisOverview 2S4082-25 NAC Controller PEP 2S4082-25 NAC Controller PEP7S4280-19 NAC Controller PEP 7S4280-19 NAC Controller PEPAuto-Ranging Power Supplies Redundant Power SuppliesPower Supply Lanview LEDs Power Supply Status Through System ManagementStandalone or Rack Mountable Chassis Lanview Diagnostic LEDsSecure Networks Policy Support Standards CompatibilityLanview Diagnostic LEDs Introduction Site Guidelines Installation Requirements and GuidelinesLanview LEDs Configuration GuidelinesPower Supply LEDs Power Supply PS LED Status DefinitionsLED Color Status NAC Controller PEP Network RequirementsFan LED Fan LED States and Definitions1000BASE-T Network Link Aggregation10BASE-T Network 100BASE-TX Network1000BASE-SX/LX/ELX Network Page Unpacking the Enterasys Matrix N1 Chassis Enterasys Matrix N1 Chassis SetupQuantity Setting Up the Enterasys Matrix N1 ChassisInstalling the Chassis on a Flat Surface Order of InstallationInstalling the Chassis into a Rack Installing the Rubber FeetInstalling the Chassis on the Rack Shelf Attaching the Electrostatic Discharge Wrist Strap Installing the Chassis Directly to the RackESD Grounding Receptacle Powering Up a Enterasys Matrix N1 ChassisCooling Fans Connecting the 15-Amp AC Power CordsImportant Notice NAC Controller PEP InstallationRequired Tools Unpacking the NAC Controller PEPContents of Module Carton Quantity Installing Optional Mini-GBICsInstallation Mini-GBIC with LC Connector Removing the Mini-GBIC Installing NAC Controller PEP into the Matrix N1 ChassisPreparation InstallationNAC Controller PEP card Connecting to the NetworkConnecting UTP Cables to the 2S4082-25 N1 Chassis slot Metal back panel FTM2 backplane connectorsRJ45 connector RJ45 port connector port Group Select button Connecting a Twisted Pair Segment to the NAC Controller PEPRX+ TX1+ RX1 TX2+ TX3+ RX3 RX2 TX4+ RX4 Connecting Fiber-Optic Cables to Mini-GBICs 10 Cable Connection to MT-RJ Fiber-Optic Connectors 11 Cable Connection to LC Fiber-Optic Connectors Parameter Setting Connecting to COM Port for Local ManagementWhat Is Needed Connecting to an IBM PC or Compatible Device12 Connecting an IBM PC or Compatible Connecting to a VT Series Terminal13 Connecting a VT Series Terminal Connecting to a ModemAdapter Wiring and Signal Assignments COM Port Adapter Wiring and Signal DiagramRJ45 RJ45 DB25 Completing the InstallationVT Series Port Adapter Wiring and Signal Diagram Modem Port Adapter Wiring and Signal DiagramFirst-Time Log-In Using a Console Port Connection 15 Matrix DFE Startup Screen Example N7 Chassis Viewing the Receive and Transmit Activity TroubleshootingUsing Lanview About the Management Mgmt LEDLanview LEDs for the 7S4280-19 Lanview LEDs for the 2S4082-25Lanview LEDs Color State Recommended ActionAlternating 67% on, 33% off Series Configuration Guide for proper setup Troubleshooting ChecklistProblem Possible Cause Recommended Action Troubleshooting ChecklistOFFLINE/RESET Switch for the 2S4082-25 Overview of the NAC Controller PEP Shutdown ProcedureLast Resort Shutdown Procedure Recommended Shutdown ProcedurePage Initializing the NAC Controller NAC Controller Ports Layer 3 NAC Controller Positioning General Management ConsiderationsLayer 2 In-Band Management Topology Layer 2 Out-Of-Band Management Topology Layer 3 Out-Of-Band Management Preparation for NAC Controller InitializationChoose NAC Controller Installation Type NAC Controller Initialization ProcedureEnter the Management Vlan ID NAC Controller Initialization Procedure 12 Setup NAC Controller PEP Networking 13 Enter NetSight Server IP Address 16 Configure System Date and Time 17 Set the System Date 19 Select the UTC/Local Hardware Clock Setting 21 Enable an Snmp Daemon NAC Controller Policy Configuration Setup the Vlan ConfigurationsNAC Controllers Require Separate Domains 24 Determining NAC Controller Mode of Operation 25 Import From Device Wizard Modifying NAC Controllers Preconfigured Policy26 Import From Device Wizard Adding Assessment Classification Rules 28 Services ScreenModifying the Downstream Default Policy Page Table A-1 Chassis Specifications Physical Specifications and Regulatory Compliance7C111 Chassis Specifications and Regulatory Compliance Physical SpecificationsPower Supply Environmental RequirementsRegulatory Requirements Processor/Memory NAC Controller Engine Interface SpecificationsTable A-5 NAC Controller Engine Specifications Ports External Power SupplyEnvironmental Table A-5 NAC Controller Engine SpecificationsTable A-6 COM Port Pin Assignments Signal Name Input/Output NAC Controller Engine COM Port Pinout AssignmentsProcessors/Memory NAC Controller PEP 2S4082-25 Module SpecificationsTable A-7 Specifications for 2S4082-25 Ports2S4082-25 COM Port Pinout Assignments NAC Controller PEP 7S4280-19 SpecificationsTable A-8 COM Port Pin Assignments Signal Name Input/Output Table A-9 SpecificationsMini-GBIC Input/Output Specifications Table A-10 Mini-GBIC Input/Output Port Specifications7S4280-19 COM Port Pinout Assignments Gigabit Ethernet Specifications MGBIC-LC01/MGBIC-MT01 Specifications 1000BASE-SXMGBIC-LC03 Specifications 1000BASE-SX MGBIC-08 Specifications 1000BASE-ELX MGBIC-LC09 Specifications 1000BASE-LXTable A-21 Compliance Standards MGBIC-02 Specifications 1000BASE-TTable A-20 MGBIC-02 / Specifications Regulatory ComplianceSetting the Mode Switches Mode Switch Bank Settings Optional InstallationsLocation of Memory Modules Memory Locations and Replacement ProceduresFlash Dimm Flash Dimm Replacement ProcedureConnector arms Connector fingersFigure B-4 Installing the Dimm Installing the DimmRemoving the Dram Simm Dram Simm Replacement ProcedureInstalling the Dram Simm Connector contactsDram Simm alignment notches Dram Simm Connector arms Connector contactsNumerics IndexIndex-2
Top Page Image Contents