Manuals / Enterasys Networks / Household Appliance / Plumbing Product

Enterasys Networks 9034385 manual NAC Solution Components, The NAC Appliance, Model, NAC Component

Models: 9034385

1 98
Download 98 pages 26.86 Kb
Page 14
Image 14
NAC Solution Components

NAC Solution Components

NAC Solution Components

This section discusses the required and optional components of the Enterasys NAC solution, beginning with the following table that summarizes the component requirements for each of the four deployment models.

.

 

 

 

 

Table 1-1 Component Requirements for NAC Deployment Models

 

 

 

 

 

 

 

Model 1

Model 2

Model 3

Model 4

NAC Component

Detection and

Authorization

Authorization with

Authorization with

Tracking

 

Assessment

Assessment and

 

 

 

 

 

 

Remediation

 

 

 

 

 

NAC Appliance

Required

Required

Required

Required

 

 

 

 

 

NetSight NAC

Required

Required

Required

Required

Manager

 

 

 

 

 

 

 

 

 

NetSight Console

Required

Required

Required

Required

 

 

 

 

 

Assessment Server

Optional

Optional

Required

Required

 

 

 

 

 

RADIUS Server1

Optional

Optional

Optional

Optional

NetSight Policy

Optional

Optional

Optional

Optional

Manager2

 

 

 

 

NetSight Inventory

Optional

Optional

Optional

Optional

Manager3

 

 

 

 

1.A RADIUS server is only required if out-of-band NAC is implemented with the NAC Gateway, and 802.1X or web-based authentication is deployed on the network.

2.NetSight Policy Manager is required for inline NAC deployments. NetSight Policy Manager is suggested if Enterasys policy-capable switches are deployed on the network and utilized as the traffic enforcement or authorization point for connecting devices. Policy Manager allows the centralized definition and deployment of policies to Enterasys switches for the consistency and ease of management of the authorization levels for connecting end-systems.

3.NetSight Inventory Manager is suggested if Enterasys switches are deployed on the network for ease of firmware and configuration management across the enterprise.

The NAC Appliance

The NAC appliance is a core component of the Enterasys NAC solution and is required for all NAC deployment models. It provides the ability to detect, authenticate, and effect the authorization of end devices attempting to connect to the network. It also integrates with or connects to assessment services to determine the security posture of end‐systems connecting to the network. Once authentication and assessment are complete, the NAC appliance effects the authorization of devices on the network by allocating the appropriate network resources to the end‐system based on authentication and/or assessment results.

If authentication fails and/or the assessment results indicate a noncompliant end‐system, the NAC appliance can deny the end‐system access to the network, quarantine the end‐system with a highly restrictive set of network resources, or permit network access, depending on the appliance’s configuration.

The NAC appliance also provides the remediation functionality by means of a Remediation Web Server that runs on the appliance. Remediation informs end users when their end‐systems have been quarantined due to network security policy non‐compliance, and allows end users to safely remediate their end‐systems without assistance from IT operations.

1-4 Overview

Page 13 Page 15
Page 14
Image 14
Enterasys Networks 9034385 NAC Solution Components, The NAC Appliance, 1 Component Requirements for NAC Deployment Models
Page 13 Page 15