General Management Considerations

The NAC Controller Engine management IP address is used for management traffic generated from the NAC Controller Engine, and the NAC Controller Engine remediation IP address is used to run the remediation web server.

The NAC Controller Engine remediation IP address, mask, and default gateway must belong to the subnet that spans the downstream and upstream routers.

The NAC Controller Engine management IP address along with a mask is assigned to the 10/100 Ethernet port. Therefore, the 10/100 Ethernet port must be connected into the topology with a separate physical link onto the management VLAN. No default gateway is assigned to the management IP address.

The NAC Controller Engine management IP address and the NAC Controller PEP IP addresses, masks, and gateway must be part of the same subnet. That subnet must not be the one that spans the upstream and downstream routers, which carries data traffic.

A management VLAN ID must be specified. All management traffic sourced from the NAC Controller PEP egresses the upstream and downstream ports of the NAC Controller tagged to the management VLAN. Therefore, the upstream and downstream routers must be configured to trunk the management VLAN to the NAC Controller using 802.1Q.

The NetSight management server IP address should be configured on the same subnet as the NAC Controller Engine and NAC Controller PEP IP addresses. Otherwise, management traffic sourced from the NAC Controller Engine and NAC Controller PEP will traverse the data VLAN on the way to the NetSight management server.
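The addressing rules above can be checked against a planned deployment before the controller is initialized. The following is an added example, not code from the manual or from Enterasys; the field names are hypothetical and the addresses are constructed private-range samples.

```python
import ipaddress

def check_plan(plan):
    """Return violations of the addressing rules stated in this section."""
    issues = []
    data_net = ipaddress.ip_network(plan["data_subnet"])  # subnet spanning both routers
    rem = ipaddress.ip_interface(plan["remediation_ip"])
    mgmt = ipaddress.ip_interface(plan["engine_mgmt_ip"])
    pep = ipaddress.ip_interface(plan["pep_ip"])
    # Remediation IP, mask and gateway belong to the router-spanning subnet.
    if rem.network != data_net:
        issues.append("remediation IP/mask is not on the router-spanning subnet")
    if ipaddress.ip_address(plan["remediation_gateway"]) not in data_net:
        issues.append("remediation gateway is not on the router-spanning subnet")
    # No default gateway is assigned to the Engine management IP.
    if plan.get("engine_mgmt_gateway"):
        issues.append("Engine management IP has a default gateway")
    # Engine management and PEP addressing share one subnet, off the data subnet.
    if mgmt.network != pep.network:
        issues.append("Engine management and PEP IPs are on different subnets")
    if ipaddress.ip_address(plan["pep_gateway"]) not in pep.network:
        issues.append("PEP gateway is not on the PEP subnet")
    if mgmt.network.overlaps(data_net) or pep.network.overlaps(data_net):
        issues.append("management addressing overlaps the data subnet")
    # A management VLAN ID must be specified (802.1Q usable range is 1-4094).
    vlan = plan.get("mgmt_vlan")
    if not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        issues.append("management VLAN ID missing or invalid")
    # NetSight off the management subnet sends management traffic over the data VLAN.
    if ipaddress.ip_address(plan["netsight_ip"]) not in mgmt.network:
        issues.append("warning: NetSight server is not on the management subnet")
    return issues

# Constructed sample plans (hypothetical field names, private addresses).
GOOD = {
    "data_subnet": "10.10.20.0/24",
    "remediation_ip": "10.10.20.5/24", "remediation_gateway": "10.10.20.1",
    "engine_mgmt_ip": "10.10.99.10/24", "engine_mgmt_gateway": None,
    "pep_ip": "10.10.99.11/24", "pep_gateway": "10.10.99.1",
    "mgmt_vlan": 99, "netsight_ip": "10.10.99.50",
}
# Engine management placed on the data subnet with a gateway, no VLAN, NetSight elsewhere.
BAD = dict(GOOD, engine_mgmt_ip="10.10.20.10/24", engine_mgmt_gateway="10.10.20.1",
           mgmt_vlan=None, netsight_ip="10.10.50.50")

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_plan(plan) or "ok")
```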

See Figure 6‐4 on page 6‐5 for a diagram of layer 2 Out‐Of‐Band management and Figure 6‐6 on page 6‐6 for a diagram of layer 3 Out‐Of‐Band management.

Figure 6-3 Layer 2 In-Band Management Topology

6-4 Initializing the NAC Controller

Enterasys Networks 7S4280-19-SYS, 2S4082-25-SYS manual Layer 2 In-Band Management Topology