Enterasys Networks 7S4280-19-SYS, 2S4082-25-SYS manual NAC Controller Policy Configuration

Page 84

The NAC Controller Policy Configuration

The NAC Controller Policy Configuration

Review the following considerations prior to configuring policy on NAC Controller PEP devices:

Setup the VLAN Configurations

NAC Controller PEP VLAN configuration must conform with the requirements of your network topology. During NAC Controller Engine management initialization for Out‐Of‐Band management configurations, you entered a management VLAN for this NAC Controller. For Out‐Of‐Band configurations, this management VLAN entered during initialization is pushed down to the PEP.

For In‐Band management, the NAC Controller management VLANs are configured. The management VLANS are VLAN 1 for L2 and VLAN 90 for L3. There are also a number of VLANs configured such as 3056 for Port Mirroring or 3089 for Quarantine. It is important that you note these defaults and determine if they are desirable or in conflict with VLANs already present in your network.

To display current VLAN settings and make any changes to VLAN configurations provide a console connection to the NAC Controller PEP host.0.1.

For L2 access to the CLI for NAC Controller PEP configuration, connect the console to the NAC Controller PEP COM port. The COM port location is shown in Figure 6‐23. The NAC Controller PEP CLI prompt will display.

Figure 6-23 NAC Controller PEP COM Port Location

Use the show port vlan host.0.1 command to display the current VLAN configuratin for this NAC Controller PEP. Use the show vlan command to display all configured VLANs. Once you have determined changes that may be required, reference the DFE‐Platinum and Diamond Series Configuration Guide for information pertaining to VLAN configuration.

NAC Controllers Require Separate Domains

The NAC Controller can be configured in one of two modes of operation: L2 or L3. The mode of operation controls how connecting end systems are detected by the NAC Controller on the network and is selected based on where the NAC Controller is positioned in the network in relation to these end systems. If the NAC Controller is positioned before the first routed boundary for connecting end systems closer to the access edge of the network, the L2 NAC Controller mode is utilized. If the NAC Controller is positioned after the first routed boundary deeper inside the network, the L3 NAC Controller mode is utilized.

6-16 Initializing the NAC Controller

Page 83 Page 85
Image 84
Page 83 Page 85
Contents Enterasys Page Page Regulatory Compliance Information Electromagnetic Compatibility EMC Supplement to Product Instructions Vcci Notice Enterasys NETWORKS, INC. Firmware License Agreement Vii Viii Contents NAC Controller PEP Installation TroubleshootingAppendix a Specifications and Regulatory Compliance Initializing the NAC ControllerIndex FiguresTables MGBIC-08 Xiv How to Use This Guide About This GuideWho Should Use This Guide Related Documents For Refer toTypographical Conventions Commonly Used AcronymsGetting Help Introduction OverviewN1-7C111 Chassis NAC Controller PEPOverview 2S4082-25 NAC Controller PEP 2S4082-25 NAC Controller PEP7S4280-19 NAC Controller PEP 7S4280-19 NAC Controller PEPRedundant Power Supplies Power Supply Lanview LEDsPower Supply Status Through System Management Auto-Ranging Power SuppliesLanview Diagnostic LEDs Secure Networks Policy SupportStandards Compatibility Standalone or Rack Mountable ChassisLanview Diagnostic LEDs Introduction Installation Requirements and Guidelines Site GuidelinesConfiguration Guidelines Power Supply LEDsPower Supply PS LED Status Definitions Lanview LEDsNAC Controller PEP Network Requirements Fan LEDFan LED States and Definitions LED Color StatusLink Aggregation 10BASE-T Network100BASE-TX Network 1000BASE-T Network1000BASE-SX/LX/ELX Network Page Enterasys Matrix N1 Chassis Setup Unpacking the Enterasys Matrix N1 ChassisSetting Up the Enterasys Matrix N1 Chassis Installing the Chassis on a Flat SurfaceOrder of Installation QuantityInstalling the Chassis into a Rack Installing the Rubber FeetInstalling the Chassis on the Rack Shelf Installing the Chassis Directly to the Rack Attaching the Electrostatic Discharge Wrist StrapPowering Up a Enterasys Matrix N1 Chassis ESD Grounding ReceptacleConnecting the 15-Amp AC Power Cords Cooling FansNAC Controller PEP Installation Required ToolsUnpacking the NAC Controller PEP Important NoticeInstalling Optional Mini-GBICs Contents of Module Carton QuantityInstallation Mini-GBIC with LC Connector Installing NAC Controller PEP into the Matrix N1 Chassis Removing the Mini-GBICInstallation PreparationConnecting to the Network Connecting UTP Cables to the 2S4082-25N1 Chassis slot Metal back panel FTM2 backplane connectors NAC Controller PEP cardConnecting a Twisted Pair Segment to the NAC Controller PEP RJ45 connector RJ45 port connector port Group Select buttonRX+ TX1+ RX1 TX2+ TX3+ RX3 RX2 TX4+ RX4 Connecting Fiber-Optic Cables to Mini-GBICs 10 Cable Connection to MT-RJ Fiber-Optic Connectors 11 Cable Connection to LC Fiber-Optic Connectors Connecting to COM Port for Local Management What Is NeededConnecting to an IBM PC or Compatible Device Parameter SettingConnecting to a VT Series Terminal 12 Connecting an IBM PC or CompatibleConnecting to a Modem 13 Connecting a VT Series TerminalAdapter Wiring and Signal Assignments COM Port Adapter Wiring and Signal DiagramRJ45 Completing the Installation VT Series Port Adapter Wiring and Signal DiagramModem Port Adapter Wiring and Signal Diagram RJ45 DB25First-Time Log-In Using a Console Port Connection 15 Matrix DFE Startup Screen Example N7 Chassis Troubleshooting Using LanviewAbout the Management Mgmt LED Viewing the Receive and Transmit ActivityLanview LEDs for the 2S4082-25 Lanview LEDs for the 7S4280-19Lanview LEDs Color State Recommended ActionAlternating 67% on, 33% off Troubleshooting Checklist Series Configuration Guide for proper setupTroubleshooting Checklist Problem Possible Cause Recommended ActionOverview of the NAC Controller PEP Shutdown Procedure OFFLINE/RESET Switch for the 2S4082-25Recommended Shutdown Procedure Last Resort Shutdown ProcedurePage Initializing the NAC Controller NAC Controller Ports General Management Considerations Layer 3 NAC Controller PositioningLayer 2 In-Band Management Topology Layer 2 Out-Of-Band Management Topology Preparation for NAC Controller Initialization Layer 3 Out-Of-Band ManagementNAC Controller Initialization Procedure Choose NAC Controller Installation TypeEnter the Management Vlan ID NAC Controller Initialization Procedure 12 Setup NAC Controller PEP Networking 13 Enter NetSight Server IP Address 16 Configure System Date and Time 17 Set the System Date 19 Select the UTC/Local Hardware Clock Setting 21 Enable an Snmp Daemon NAC Controller Policy Configuration Setup the Vlan ConfigurationsNAC Controllers Require Separate Domains 24 Determining NAC Controller Mode of Operation Modifying NAC Controllers Preconfigured Policy 25 Import From Device Wizard26 Import From Device Wizard 28 Services Screen Adding Assessment Classification RulesModifying the Downstream Default Policy Page Specifications and Regulatory Compliance 7C111 Chassis Specifications and Regulatory CompliancePhysical Specifications Table A-1 Chassis Specifications PhysicalPower Supply Environmental RequirementsRegulatory Requirements NAC Controller Engine Interface Specifications Table A-5 NAC Controller Engine Specifications PortsExternal Power Supply Processor/MemoryTable A-5 NAC Controller Engine Specifications Table A-6 COM Port Pin Assignments Signal Name Input/OutputNAC Controller Engine COM Port Pinout Assignments EnvironmentalNAC Controller PEP 2S4082-25 Module Specifications Table A-7 Specifications for 2S4082-25Ports Processors/MemoryNAC Controller PEP 7S4280-19 Specifications Table A-8 COM Port Pin Assignments Signal Name Input/OutputTable A-9 Specifications 2S4082-25 COM Port Pinout AssignmentsMini-GBIC Input/Output Specifications Table A-10 Mini-GBIC Input/Output Port Specifications7S4280-19 COM Port Pinout Assignments Gigabit Ethernet Specifications MGBIC-LC01/MGBIC-MT01 Specifications 1000BASE-SXMGBIC-LC03 Specifications 1000BASE-SX MGBIC-LC09 Specifications 1000BASE-LX MGBIC-08 Specifications 1000BASE-ELXMGBIC-02 Specifications 1000BASE-T Table A-20 MGBIC-02 / SpecificationsRegulatory Compliance Table A-21 Compliance StandardsMode Switch Bank Settings Optional Installations Setting the Mode SwitchesMemory Locations and Replacement Procedures Location of Memory ModulesFlash Dimm Replacement Procedure Connector armsConnector fingers Flash DimmInstalling the Dimm Figure B-4 Installing the DimmDram Simm Replacement Procedure Installing the Dram SimmConnector contacts Removing the Dram SimmDram Simm Connector arms Connector contacts Dram Simm alignment notchesIndex NumericsIndex-2
Top Page Image Contents