Enterasys Networks 2S4082-25-SYS, 7S4280-19-SYS manual Initializing the NAC Controller, Overview

Page 69

6

Initializing the NAC Controller

This chapter provides a detailed discussion of the NAC Controller software initialzation.

For information about...	Refer to page...

Overview	6-1

General Management Considerations	6-3

Preparation for NAC Controller Initialization	6-6

The NAC Controller Initialization Procedure	6-7

The NAC Controller Policy Configuration	6-16

Overview

The NAC Controller is composed of two subcompents, the Policy Enforcement Point (PEP) and the Engine. Each component has an IP address, and the components are managed jointly in the operation of the NAC Controller on the network. When configuring the NAC Controller for IP connectivity in the network topology, it is important to consider both the NAC Controller PEP and NAC Controller Engine as described below.

Two management configurations for the NAC Controller are supported depending on the management topology of your network: in‐band management or out‐of‐band management. For the in‐band management configuration, all management traffic sourced from the NAC Controller is generated onto the data VLAN along with end system traffic that is traversing the appliance. For the out‐of‐band management configuration, all management traffic sourced from the NAC Controller is generated on a different VLAN than the end system traffic. More details about these management configurations as related to required settings of adjacent network infrastructure devices are explained below. Either the in‐band or out‐of‐band management configuration is supported for the Layer 2 (L2) and Layer 3 (L3) NAC Controller. Therefore, one of the following configurations must be selected as the installation type during the intialization of the NAC Controller:

•Layer 2 NAC Controller with In‐Band Management

•Layer 2 NAC Controller with Out‐Of‐Band Management

•Layer 3 NAC Controller with In‐Band Management

•Layer 3 NAC Controller with Out‐Of‐Band Management

Note: The NAC Controller software initialization will take place within a single discussion. Unless otherwise specified, the content of the discussion applies to all four installation types.

Enterasys NAC Controller Hardware Installation Guide 6-1

Image 69

Contents Enterasys Page Page Regulatory Compliance Information Electromagnetic Compatibility EMC Supplement to Product Instructions Vcci Notice Enterasys NETWORKS, INC. Firmware License Agreement Vii Viii Contents Troubleshooting NAC Controller PEP InstallationAppendix a Specifications and Regulatory Compliance Initializing the NAC ControllerFigures IndexTables MGBIC-08 Xiv How to Use This Guide About This GuideWho Should Use This Guide For Refer to Related DocumentsCommonly Used Acronyms Typographical ConventionsGetting Help Overview IntroductionNAC Controller PEP N1-7C111 ChassisOverview 2S4082-25 NAC Controller PEP 2S4082-25 NAC Controller PEP7S4280-19 NAC Controller PEP 7S4280-19 NAC Controller PEPPower Supply Lanview LEDs Redundant Power SuppliesPower Supply Status Through System Management Auto-Ranging Power SuppliesSecure Networks Policy Support Lanview Diagnostic LEDsStandards Compatibility Standalone or Rack Mountable ChassisLanview Diagnostic LEDs Introduction Site Guidelines Installation Requirements and GuidelinesPower Supply LEDs Configuration GuidelinesPower Supply PS LED Status Definitions Lanview LEDsFan LED NAC Controller PEP Network RequirementsFan LED States and Definitions LED Color Status10BASE-T Network Link Aggregation100BASE-TX Network 1000BASE-T Network1000BASE-SX/LX/ELX Network Page Unpacking the Enterasys Matrix N1 Chassis Enterasys Matrix N1 Chassis SetupInstalling the Chassis on a Flat Surface Setting Up the Enterasys Matrix N1 ChassisOrder of Installation QuantityInstalling the Chassis into a Rack Installing the Rubber FeetInstalling the Chassis on the Rack Shelf Attaching the Electrostatic Discharge Wrist Strap Installing the Chassis Directly to the RackESD Grounding Receptacle Powering Up a Enterasys Matrix N1 ChassisCooling Fans Connecting the 15-Amp AC Power CordsRequired Tools NAC Controller PEP InstallationUnpacking the NAC Controller PEP Important NoticeContents of Module Carton Quantity Installing Optional Mini-GBICsInstallation Mini-GBIC with LC Connector Removing the Mini-GBIC Installing NAC Controller PEP into the Matrix N1 ChassisPreparation InstallationConnecting UTP Cables to the 2S4082-25 Connecting to the NetworkN1 Chassis slot Metal back panel FTM2 backplane connectors NAC Controller PEP cardRJ45 connector RJ45 port connector port Group Select button Connecting a Twisted Pair Segment to the NAC Controller PEPRX+ TX1+ RX1 TX2+ TX3+ RX3 RX2 TX4+ RX4 Connecting Fiber-Optic Cables to Mini-GBICs 10 Cable Connection to MT-RJ Fiber-Optic Connectors 11 Cable Connection to LC Fiber-Optic Connectors What Is Needed Connecting to COM Port for Local ManagementConnecting to an IBM PC or Compatible Device Parameter Setting12 Connecting an IBM PC or Compatible Connecting to a VT Series Terminal13 Connecting a VT Series Terminal Connecting to a ModemAdapter Wiring and Signal Assignments COM Port Adapter Wiring and Signal DiagramRJ45 VT Series Port Adapter Wiring and Signal Diagram Completing the InstallationModem Port Adapter Wiring and Signal Diagram RJ45 DB25First-Time Log-In Using a Console Port Connection 15 Matrix DFE Startup Screen Example N7 Chassis Using Lanview TroubleshootingAbout the Management Mgmt LED Viewing the Receive and Transmit ActivityLanview LEDs for the 7S4280-19 Lanview LEDs for the 2S4082-25Lanview LEDs Color State Recommended ActionAlternating 67% on, 33% off Series Configuration Guide for proper setup Troubleshooting ChecklistProblem Possible Cause Recommended Action Troubleshooting ChecklistOFFLINE/RESET Switch for the 2S4082-25 Overview of the NAC Controller PEP Shutdown ProcedureLast Resort Shutdown Procedure Recommended Shutdown ProcedurePage Initializing the NAC Controller NAC Controller Ports Layer 3 NAC Controller Positioning General Management ConsiderationsLayer 2 In-Band Management Topology Layer 2 Out-Of-Band Management Topology Layer 3 Out-Of-Band Management Preparation for NAC Controller InitializationChoose NAC Controller Installation Type NAC Controller Initialization ProcedureEnter the Management Vlan ID NAC Controller Initialization Procedure 12 Setup NAC Controller PEP Networking 13 Enter NetSight Server IP Address 16 Configure System Date and Time 17 Set the System Date 19 Select the UTC/Local Hardware Clock Setting 21 Enable an Snmp Daemon NAC Controller Policy Configuration Setup the Vlan ConfigurationsNAC Controllers Require Separate Domains 24 Determining NAC Controller Mode of Operation 25 Import From Device Wizard Modifying NAC Controllers Preconfigured Policy26 Import From Device Wizard Adding Assessment Classification Rules 28 Services ScreenModifying the Downstream Default Policy Page 7C111 Chassis Specifications and Regulatory Compliance Specifications and Regulatory CompliancePhysical Specifications Table A-1 Chassis Specifications PhysicalPower Supply Environmental RequirementsRegulatory Requirements Table A-5 NAC Controller Engine Specifications Ports NAC Controller Engine Interface SpecificationsExternal Power Supply Processor/MemoryTable A-6 COM Port Pin Assignments Signal Name Input/Output Table A-5 NAC Controller Engine SpecificationsNAC Controller Engine COM Port Pinout Assignments EnvironmentalTable A-7 Specifications for 2S4082-25 NAC Controller PEP 2S4082-25 Module SpecificationsPorts Processors/MemoryTable A-8 COM Port Pin Assignments Signal Name Input/Output NAC Controller PEP 7S4280-19 SpecificationsTable A-9 Specifications 2S4082-25 COM Port Pinout AssignmentsMini-GBIC Input/Output Specifications Table A-10 Mini-GBIC Input/Output Port Specifications7S4280-19 COM Port Pinout Assignments Gigabit Ethernet Specifications MGBIC-LC01/MGBIC-MT01 Specifications 1000BASE-SXMGBIC-LC03 Specifications 1000BASE-SX MGBIC-08 Specifications 1000BASE-ELX MGBIC-LC09 Specifications 1000BASE-LXTable A-20 MGBIC-02 / Specifications MGBIC-02 Specifications 1000BASE-TRegulatory Compliance Table A-21 Compliance StandardsSetting the Mode Switches Mode Switch Bank Settings Optional InstallationsLocation of Memory Modules Memory Locations and Replacement ProceduresConnector arms Flash Dimm Replacement ProcedureConnector fingers Flash DimmFigure B-4 Installing the Dimm Installing the DimmInstalling the Dram Simm Dram Simm Replacement ProcedureConnector contacts Removing the Dram SimmDram Simm alignment notches Dram Simm Connector arms Connector contactsNumerics IndexIndex-2