Enterasys Networks 2S4082-25-SYS, 7S4280-19-SYS guide

The NAC Controller Policy Configuration

Modifying the Downstream Default Policy

Depending on the network configuration or circumstances, itʹs possible that traffic from the upstream side could be rerouted to the NAC Controller, where it would be authenticated using the upstream source IP address. To avoid this problem, add a Layer 3 IP Address Source rule to the downstream default policy configured on the NAC Controller, using the upstream IP subnets (or critical servers located in the upstream) and containing the traffic to a VLAN.

Enterasys NAC Controller Hardware Installation Guide 6-21

Image 89

Enterasys Networks 2S4082-25-SYS, 7S4280-19-SYS manual Modifying the Downstream Default Policy

Contents

Enterasys Page Page Regulatory Compliance Information Electromagnetic Compatibility EMC Supplement to Product Instructions Vcci Notice Enterasys NETWORKS, INC. Firmware License Agreement Vii Viii Contents Troubleshooting NAC Controller PEP InstallationAppendix a Specifications and Regulatory Compliance Initializing the NAC Controller Figures Index Tables MGBIC-08 Xiv Who Should Use This Guide How to Use This GuideAbout This Guide For Refer to Related Documents Commonly Used Acronyms Typographical Conventions Getting Help Overview Introduction NAC Controller PEP N1-7C111 Chassis Overview 2S4082-25 NAC Controller PEP 2S4082-25 NAC Controller PEP 7S4280-19 NAC Controller PEP 7S4280-19 NAC Controller PEP Power Supply Lanview LEDs Redundant Power SuppliesPower Supply Status Through System Management Auto-Ranging Power Supplies Secure Networks Policy Support Lanview Diagnostic LEDsStandards Compatibility Standalone or Rack Mountable Chassis Lanview Diagnostic LEDs Introduction Site Guidelines Installation Requirements and Guidelines Power Supply LEDs Configuration GuidelinesPower Supply PS LED Status Definitions Lanview LEDs Fan LED NAC Controller PEP Network RequirementsFan LED States and Definitions LED Color Status 10BASE-T Network Link Aggregation100BASE-TX Network 1000BASE-T Network 1000BASE-SX/LX/ELX Network Page Unpacking the Enterasys Matrix N1 Chassis Enterasys Matrix N1 Chassis Setup Installing the Chassis on a Flat Surface Setting Up the Enterasys Matrix N1 ChassisOrder of Installation Quantity Installing the Chassis on the Rack Shelf Installing the Chassis into a RackInstalling the Rubber Feet Attaching the Electrostatic Discharge Wrist Strap Installing the Chassis Directly to the Rack ESD Grounding Receptacle Powering Up a Enterasys Matrix N1 Chassis Cooling Fans Connecting the 15-Amp AC Power Cords Required Tools NAC Controller PEP InstallationUnpacking the NAC Controller PEP Important Notice Contents of Module Carton Quantity Installing Optional Mini-GBICs Installation Mini-GBIC with LC Connector Removing the Mini-GBIC Installing NAC Controller PEP into the Matrix N1 Chassis Preparation Installation Connecting UTP Cables to the 2S4082-25 Connecting to the NetworkN1 Chassis slot Metal back panel FTM2 backplane connectors NAC Controller PEP card RJ45 connector RJ45 port connector port Group Select button Connecting a Twisted Pair Segment to the NAC Controller PEP RX+ TX1+ RX1 TX2+ TX3+ RX3 RX2 TX4+ RX4 Connecting Fiber-Optic Cables to Mini-GBICs 10 Cable Connection to MT-RJ Fiber-Optic Connectors 11 Cable Connection to LC Fiber-Optic Connectors What Is Needed Connecting to COM Port for Local ManagementConnecting to an IBM PC or Compatible Device Parameter Setting 12 Connecting an IBM PC or Compatible Connecting to a VT Series Terminal 13 Connecting a VT Series Terminal Connecting to a Modem RJ45 Adapter Wiring and Signal AssignmentsCOM Port Adapter Wiring and Signal Diagram VT Series Port Adapter Wiring and Signal Diagram Completing the InstallationModem Port Adapter Wiring and Signal Diagram RJ45 DB25 First-Time Log-In Using a Console Port Connection 15 Matrix DFE Startup Screen Example N7 Chassis Using Lanview TroubleshootingAbout the Management Mgmt LED Viewing the Receive and Transmit Activity Lanview LEDs for the 7S4280-19 Lanview LEDs for the 2S4082-25 Alternating 67% on, 33% off Lanview LEDsColor State Recommended Action Series Configuration Guide for proper setup Troubleshooting Checklist Problem Possible Cause Recommended Action Troubleshooting Checklist OFFLINE/RESET Switch for the 2S4082-25 Overview of the NAC Controller PEP Shutdown Procedure Last Resort Shutdown Procedure Recommended Shutdown ProcedurePage Initializing the NAC Controller NAC Controller Ports Layer 3 NAC Controller Positioning General Management Considerations Layer 2 In-Band Management Topology Layer 2 Out-Of-Band Management Topology Layer 3 Out-Of-Band Management Preparation for NAC Controller Initialization Choose NAC Controller Installation Type NAC Controller Initialization Procedure Enter the Management Vlan ID NAC Controller Initialization Procedure 12 Setup NAC Controller PEP Networking 13 Enter NetSight Server IP Address 16 Configure System Date and Time 17 Set the System Date 19 Select the UTC/Local Hardware Clock Setting 21 Enable an Snmp Daemon NAC Controllers Require Separate Domains NAC Controller Policy ConfigurationSetup the Vlan Configurations 24 Determining NAC Controller Mode of Operation 25 Import From Device Wizard Modifying NAC Controllers Preconfigured Policy 26 Import From Device Wizard Adding Assessment Classification Rules 28 Services Screen Modifying the Downstream Default Policy Page 7C111 Chassis Specifications and Regulatory Compliance Specifications and Regulatory CompliancePhysical Specifications Table A-1 Chassis Specifications Physical Regulatory Requirements Power SupplyEnvironmental Requirements Table A-5 NAC Controller Engine Specifications Ports NAC Controller Engine Interface SpecificationsExternal Power Supply Processor/Memory Table A-6 COM Port Pin Assignments Signal Name Input/Output Table A-5 NAC Controller Engine SpecificationsNAC Controller Engine COM Port Pinout Assignments Environmental Table A-7 Specifications for 2S4082-25 NAC Controller PEP 2S4082-25 Module SpecificationsPorts Processors/Memory Table A-8 COM Port Pin Assignments Signal Name Input/Output NAC Controller PEP 7S4280-19 SpecificationsTable A-9 Specifications 2S4082-25 COM Port Pinout Assignments 7S4280-19 COM Port Pinout Assignments Mini-GBIC Input/Output SpecificationsTable A-10 Mini-GBIC Input/Output Port Specifications MGBIC-LC03 Specifications 1000BASE-SX Gigabit Ethernet SpecificationsMGBIC-LC01/MGBIC-MT01 Specifications 1000BASE-SX MGBIC-08 Specifications 1000BASE-ELX MGBIC-LC09 Specifications 1000BASE-LX Table A-20 MGBIC-02 / Specifications MGBIC-02 Specifications 1000BASE-TRegulatory Compliance Table A-21 Compliance Standards Setting the Mode Switches Mode Switch Bank Settings Optional Installations Location of Memory Modules Memory Locations and Replacement Procedures Connector arms Flash Dimm Replacement ProcedureConnector fingers Flash Dimm Figure B-4 Installing the Dimm Installing the Dimm Installing the Dram Simm Dram Simm Replacement ProcedureConnector contacts Removing the Dram Simm Dram Simm alignment notches Dram Simm Connector arms Connector contacts Numerics Index Index-2