Enterasys Networks 7S4280-19-SYS, 2S4082-25-SYS The NAC Controller Policy Configuration

The NAC Controller Policy Configuration

6-16 Initializing the NAC Controller

The NAC Controller Policy Configuration

ReviewthefollowingconsiderationspriortoconfiguringpolicyonNACControllerPEPdevices:

NACControllerPEPVLANconfigurationmustconformwiththerequirementsofyournetwork

topology.DuringNACControllerEnginemanagementinitializationforOut‐Of‐Band

managementconfigurations,youenteredamanagementVLANforthisNACController.For

Out‐Of‐Bandconfigurations,thismanagementVLANenteredduringinitializationispushed

downtothePEP.

ForIn‐Bandmanagement,theNACControllermanagementVLANsareconfigured.The

managementVLANSareVLAN1forL2andVLAN90forL3.TherearealsoanumberofVLANs

configuredsuchas3056forPortMirroringor3089forQuarantine.Itisimportantthatyounote

thesedefaultsanddetermineiftheyaredesirableorinconflictwithVLANsalreadypresentin

yournetwork.

TodisplaycurrentVLANsettingsandmakeanychangestoVLANconfigurationsprovidea

consoleconnectiontotheNACControllerPEPhost.0.1.

ForL2accesstotheCLIforNACControllerPEPconfiguration,connecttheconsoletotheNAC

ControllerPEPCOMport.TheCOMportlocationisshowninFigure 6‐23.TheNACController

PEPCLIpromptwilldisplay.

Figure 6-23 NAC Controller PEP COM Port Location

Usetheshowportvlanhost.0.1commandtodisplaythecurrentVLANconfiguratinforthisNAC

ControllerPEP.UsetheshowvlancommandtodisplayallconfiguredVLANs.Onceyouhave

determinedchangesthatmayberequired,referencetheDFE‐PlatinumandDiamondSeries

ConfigurationGuideforinformationpertainingtoVLANconfiguration.

TheNACControllercanbeconfiguredinoneoftwomodesofoperation:L2orL3.Themodeof

operationcontrolshowconnectingendsystemsaredetectedbytheNACControlleronthe

networkandisselectedbasedonwheretheNACControllerispositionedinthenetworkin

relationtotheseendsystems.IftheNACControllerispositionedbeforethefirstroutedboundary

forconnectingendsystemsclosertotheaccessedgeofthenetwork,theL2NACControllermode

isutilized.IftheNACControllerispositionedafterthefirstroutedboundarydeeperinsidethe

network,theL3NACControllermodeisutilized.