Enterasys Networks 7S4280-19-SYS, 2S4082-25-SYS

General Management Considerations

6-4 Initializing the NAC Controller

–TheNACControllerEnginemanagementIPaddressisusedformanagementtraffic

generatedfromtheNACControllerEngine,andtheNACControllerEngineremediation

IPaddressusedtoruntheremediationwebserver.

–TheNACControllerEngineremediationIPaddress,mask,anddefaultgatewaymust

belongtothesubnetthatspansthedownstreamandupstreamrouters.

–TheNACControllerEnginemanagementIPaddressalongwithamaskisassignedtothe

10/100Ethernetport.Therefore,the10/100Ethernetportmustbeconnectedintothe

topologywithaseparatephysicallinkontothemanagementVLAN.Nodefaultgateway

isassignedtothemanagementIPaddress.

–TheNACControllerEnginemanagementIPaddressandNACControllerPEPIP

addresses,masks,andgatewaymustbepartofthesamesubnet,andnotonthesubnet

thatspanstheupstreamanddownstreamrouterswhichcarriesdatatraffic.

–AmanagementVLANIDmustbespecified.Allmanagementtrafficsourcedfromthe

NACControllerPEPegressestheupstreamanddownstreamportsoftheNACController

taggedtothemanagementVLAN.Therefore,theupstreamanddownstreamrouters

mustbeconfiguredto802.1QVLANtrunkthemanagementVLANtotheNAC

Controller.

–TheNetSightmanagementserverIPaddressshouldbeconfiguredonthesamesubnetas

theNACControllerEngineandNACControllerPEPIPaddresses.Otherwise,

managementtrafficsourcedfromtheNACControllerEngineandNACControllerPEP

willtraversethedataVLANonthewaytotheNetSightmanagementserver.

SeeFigure 6‐4onpage 6‐5foradiagramoflayer2Out‐Of‐BandmanagementandFigure 6‐6on

page 6‐6foradiagramoflayer3Out‐Of‐Bandmanagement

Figure 6-3 Layer 2 In-Band Management Topology