Overview
The ports located in the lower rows of the NAC Controller are referred to as "downstream ports," and connect downlink to infrastructure devices such as access layer switches in the network. The two gigabit Ethernet ports located at the top of the NAC Controller are referred to as "upstream ports," and connect uplink to upstream devices such as core routers. The 10/100 Ethernet port located at the top of the NAC Controller supports management functionality with an Out-Of-Band management configuration, as explained below. See Figure 6-1 for the location of the different NAC Controller port types.
It is important to note that the NAC Controller appliance transparently bridges packets at layer 2 from downstream ports to upstream ports, downstream ports to other downstream ports, upstream ports to downstream ports, and upstream ports to other upstream ports. Therefore, it is not necessary to have a 1:1 downstream port to upstream port configuration on the NAC Controller. Furthermore, the traffic enforcement point on the NAC Controller is applied to traffic as it ingresses the downstream ports, per MAC address or IP address, before the traffic is bridged through the NAC Controller to any other port. Because traffic sourced from an end system is appropriately filtered (for example: forwarded, discarded, contained to a VLAN, or prioritized) upon ingress to the NAC Controller port before it is bridged, the flow of traffic from each downstream end system is securely controlled to all other devices connected to other upstream and downstream ports on the NAC Controller.
Figure 6-1 NAC Controller Ports
Note: Figure