Enterasys NAC Controller Hardware Installation Guide 6-1
6
Initializing the NAC Controller
ThischapterprovidesadetaileddiscussionoftheNAC Controllersoftwareinitialzation.
Overview
TheNACControlleriscomposedoftwosubcompents,thePolicyEnforcementPoint(PEP)and
theEngine.EachcomponenthasanIPaddress,andthecomponentsaremanagedjointlyinthe
operationoftheNACControlleronthenetwork.WhenconfiguringtheNACControllerforIP
connectivityinthenetworktopology,itisimportanttoconsiderboththeNACControllerPEPand
NACControllerEngineasdescribedbelow.
TwomanagementconfigurationsfortheNACControlleraresupporteddependingonthe
managementtopologyofyournetwork:in‐bandmanagementorout‐of‐bandmanagement.For
thein‐bandmanagementconfiguration,allmanagementtrafficsourcedfromtheNACController
isgeneratedontothedataVLANalongwithendsystemtrafficthatistraversingtheappliance.
Fortheout‐of‐bandmanagementconfiguration,allmanagementtrafficsourcedfromtheNAC
ControllerisgeneratedonadifferentVLANthantheendsystemtraffic.Moredetailsaboutthese
managementconfigurationsasrelatedtorequiredsettingsofadjacentnetworkinfrastructure
devicesareexplainedbelow.Eitherthein‐bandorout‐of‐bandmanagementconfigurationis
supportedfortheLayer2(L2)andLayer3(L3)NACController.Therefore,oneofthefollowing
configurationsmustbeselectedastheinstallationtypeduringtheintializationoftheNAC
Controller:
•Layer2NAC ControllerwithIn‐BandManagement
•Layer2NAC ControllerwithOut‐Of‐BandManagement
•Layer3NAC ControllerwithIn‐BandManagement
•Layer3NAC ControllerwithOut‐Of‐BandManagement
For information about... Refer to page...
Overview 6-1
General Management Considerations 6-3
Preparation for NAC Controller Initialization 6-6
The NAC Controller Initialization Procedure 6-7
The NAC Controller Policy Configuration 6-16
Note: The NAC Controller software initialization will take place within a single discussion.
Unless otherwise specified, the content of the discussion applies to all four installation
types.