Enterasys Networks 2S4082-25-SYS, 7S4280-19-SYS manual General Management Considerations

Page 71

General Management Considerations

General Management Considerations

The following are general NAC Controller management configuration considerations:

The Layer 3 NAC Controller is positioned inbetween two routers on the network. Only one VLAN/subnet spans between these routers as shown in Figure 6‐2. For Layer 3 NAC Controller configuration, all data traffic (non‐management traffic) traversing the NAC Controller between the upstream router and the downstream router must be untagged. The reason for this is that the NAC Controller does not preserve VLAN tagging for data traffic traversing the appliance, regardless of whether in‐band or out‐of‐band management is configured. The upstream and downstream routers must be configured with routed interfaces for this VLAN/subnet as shown below with IP addresses 20.20.20.2/24 and 20 20 20.1/24.

Figure 6-2 Layer 3 NAC Controller Positioning

When using In‐Band management:

Two IP addresses are assigned to the NAC Controller when configured for in‐band management; a management IP address for the NAC Controller Engine and a management IP address for the NAC Controller PEP.

The NAC Controller Engine IP address and NAC Controller PEP IP addresses, masks, and gateway must be part of the same subnet that spans the upstream and downstream routers.

No management VLAN ID is required. All management traffic sourced from the NAC Controller Engine and NAC Controller PEP egresses the upstream and downstream ports of the NAC Controller untagged onto the VLAN that spans the two routers, show as shown below.

A remediation web server IP address is not required. The remediation web server is run off of the management IP address of the NAC Controller Engine.

All directly connected management and router IP addresses on this subnet must be specified during the setup process in order to establish IP connectivity into the topology.

See Figure 6‐5 on page 6‐5 for a diagram on layer 3 In‐Band management. See Figure 6‐3 on page 6‐4 for a diagram on layer 2 In‐Band management.

When using Out‐Of‐Band management:

Three IP addresses are assigned to the Layer 3 NAC Controller when configured for out‐of‐band management; a management IP address and remediation IP address for the NAC Controller Engine and a management IP address for the NAC Controller PEP.

Enterasys NAC Controller Hardware Installation Guide 6-3

Page 70 Page 72
Image 71
Page 70 Page 72
Contents Enterasys Page Page Regulatory Compliance Information Electromagnetic Compatibility EMC Supplement to Product Instructions Vcci Notice Enterasys NETWORKS, INC. Firmware License Agreement Vii Viii Contents Initializing the NAC Controller NAC Controller PEP InstallationTroubleshooting Appendix a Specifications and Regulatory ComplianceFigures IndexTables MGBIC-08 Xiv Who Should Use This Guide How to Use This GuideAbout This Guide For Refer to Related DocumentsCommonly Used Acronyms Typographical ConventionsGetting Help Overview IntroductionNAC Controller PEP N1-7C111 ChassisOverview 2S4082-25 NAC Controller PEP 2S4082-25 NAC Controller PEP7S4280-19 NAC Controller PEP 7S4280-19 NAC Controller PEPAuto-Ranging Power Supplies Redundant Power SuppliesPower Supply Lanview LEDs Power Supply Status Through System ManagementStandalone or Rack Mountable Chassis Lanview Diagnostic LEDsSecure Networks Policy Support Standards CompatibilityLanview Diagnostic LEDs Introduction Site Guidelines Installation Requirements and GuidelinesLanview LEDs Configuration GuidelinesPower Supply LEDs Power Supply PS LED Status DefinitionsLED Color Status NAC Controller PEP Network RequirementsFan LED Fan LED States and Definitions1000BASE-T Network Link Aggregation10BASE-T Network 100BASE-TX Network1000BASE-SX/LX/ELX Network Page Unpacking the Enterasys Matrix N1 Chassis Enterasys Matrix N1 Chassis SetupQuantity Setting Up the Enterasys Matrix N1 ChassisInstalling the Chassis on a Flat Surface Order of InstallationInstalling the Chassis on the Rack Shelf Installing the Chassis into a RackInstalling the Rubber Feet Attaching the Electrostatic Discharge Wrist Strap Installing the Chassis Directly to the RackESD Grounding Receptacle Powering Up a Enterasys Matrix N1 ChassisCooling Fans Connecting the 15-Amp AC Power CordsImportant Notice NAC Controller PEP InstallationRequired Tools Unpacking the NAC Controller PEPContents of Module Carton Quantity Installing Optional Mini-GBICsInstallation Mini-GBIC with LC Connector Removing the Mini-GBIC Installing NAC Controller PEP into the Matrix N1 ChassisPreparation InstallationNAC Controller PEP card Connecting to the NetworkConnecting UTP Cables to the 2S4082-25 N1 Chassis slot Metal back panel FTM2 backplane connectorsRJ45 connector RJ45 port connector port Group Select button Connecting a Twisted Pair Segment to the NAC Controller PEPRX+ TX1+ RX1 TX2+ TX3+ RX3 RX2 TX4+ RX4 Connecting Fiber-Optic Cables to Mini-GBICs 10 Cable Connection to MT-RJ Fiber-Optic Connectors 11 Cable Connection to LC Fiber-Optic Connectors Parameter Setting Connecting to COM Port for Local ManagementWhat Is Needed Connecting to an IBM PC or Compatible Device12 Connecting an IBM PC or Compatible Connecting to a VT Series Terminal13 Connecting a VT Series Terminal Connecting to a ModemRJ45 Adapter Wiring and Signal AssignmentsCOM Port Adapter Wiring and Signal Diagram RJ45 DB25 Completing the InstallationVT Series Port Adapter Wiring and Signal Diagram Modem Port Adapter Wiring and Signal DiagramFirst-Time Log-In Using a Console Port Connection 15 Matrix DFE Startup Screen Example N7 Chassis Viewing the Receive and Transmit Activity TroubleshootingUsing Lanview About the Management Mgmt LEDLanview LEDs for the 7S4280-19 Lanview LEDs for the 2S4082-25Alternating 67% on, 33% off Lanview LEDsColor State Recommended Action Series Configuration Guide for proper setup Troubleshooting ChecklistProblem Possible Cause Recommended Action Troubleshooting ChecklistOFFLINE/RESET Switch for the 2S4082-25 Overview of the NAC Controller PEP Shutdown ProcedureLast Resort Shutdown Procedure Recommended Shutdown ProcedurePage Initializing the NAC Controller NAC Controller Ports Layer 3 NAC Controller Positioning General Management ConsiderationsLayer 2 In-Band Management Topology Layer 2 Out-Of-Band Management Topology Layer 3 Out-Of-Band Management Preparation for NAC Controller InitializationChoose NAC Controller Installation Type NAC Controller Initialization ProcedureEnter the Management Vlan ID NAC Controller Initialization Procedure 12 Setup NAC Controller PEP Networking 13 Enter NetSight Server IP Address 16 Configure System Date and Time 17 Set the System Date 19 Select the UTC/Local Hardware Clock Setting 21 Enable an Snmp Daemon NAC Controllers Require Separate Domains NAC Controller Policy ConfigurationSetup the Vlan Configurations 24 Determining NAC Controller Mode of Operation 25 Import From Device Wizard Modifying NAC Controllers Preconfigured Policy26 Import From Device Wizard Adding Assessment Classification Rules 28 Services ScreenModifying the Downstream Default Policy Page Table A-1 Chassis Specifications Physical Specifications and Regulatory Compliance7C111 Chassis Specifications and Regulatory Compliance Physical SpecificationsRegulatory Requirements Power SupplyEnvironmental Requirements Processor/Memory NAC Controller Engine Interface SpecificationsTable A-5 NAC Controller Engine Specifications Ports External Power SupplyEnvironmental Table A-5 NAC Controller Engine SpecificationsTable A-6 COM Port Pin Assignments Signal Name Input/Output NAC Controller Engine COM Port Pinout AssignmentsProcessors/Memory NAC Controller PEP 2S4082-25 Module SpecificationsTable A-7 Specifications for 2S4082-25 Ports2S4082-25 COM Port Pinout Assignments NAC Controller PEP 7S4280-19 SpecificationsTable A-8 COM Port Pin Assignments Signal Name Input/Output Table A-9 Specifications7S4280-19 COM Port Pinout Assignments Mini-GBIC Input/Output SpecificationsTable A-10 Mini-GBIC Input/Output Port Specifications MGBIC-LC03 Specifications 1000BASE-SX Gigabit Ethernet SpecificationsMGBIC-LC01/MGBIC-MT01 Specifications 1000BASE-SX MGBIC-08 Specifications 1000BASE-ELX MGBIC-LC09 Specifications 1000BASE-LXTable A-21 Compliance Standards MGBIC-02 Specifications 1000BASE-TTable A-20 MGBIC-02 / Specifications Regulatory ComplianceSetting the Mode Switches Mode Switch Bank Settings Optional InstallationsLocation of Memory Modules Memory Locations and Replacement ProceduresFlash Dimm Flash Dimm Replacement ProcedureConnector arms Connector fingersFigure B-4 Installing the Dimm Installing the DimmRemoving the Dram Simm Dram Simm Replacement ProcedureInstalling the Dram Simm Connector contactsDram Simm alignment notches Dram Simm Connector arms Connector contactsNumerics IndexIndex-2
Top Page Image Contents