Enterasys Networks 9034385 manual Design Procedures, Procedures for Out-of-Band and Inline NAC

Models: 9034385


5 Design Procedures

This chapter describes the design procedures for Enterasys NAC deployment on an enterprise network. The first section discusses procedures for both out‐of‐band and inline NAC deployments. The second section discusses procedures for deployments implementing assessment. Subsequent sections present design steps relating specifically to out‐of‐band deployments using the NAC Gateway and inline deployments using the NAC Controller.

For information about...                      Refer to page...
Procedures for Out-of-Band and Inline NAC     5-1
Assessment Design Procedures                  5-17
Out-of-Band NAC Design Procedures             5-19
Inline NAC Design Procedures                  5-28
Additional Considerations                     5-33

Procedures for Out-of-Band and Inline NAC

This section presents design procedures that are applicable to both out‐of‐band and inline NAC deployments.

1. Identify Required NetSight Applications

As discussed in “NetSight Management” on page 1‐9, the Enterasys NAC solution requires the installation of two applications from the NetSight management software suite. NetSight NAC Manager is required to centrally manage the NAC Controller and NAC Gateway appliances on the network. Because NAC Manager is a plugin application to NetSight Console, it is necessary to have NetSight Console installed on a server with NAC Manager. NetSight Console is used to monitor the health and status of devices on the network, including the access layer switches and the NAC appliances.

In addition, NetSight Policy Manager is required for inline NAC deployments. Policy Manager is used to centrally define and distribute policies to all NAC Controllers on the network.

For out‐of‐band NAC deployments that include Enterasys policy‐enabled switches in the intelligent edge, policies are specified in NAC Manager that authorize connecting end‐systems with a particular level of network access. Policies are centrally defined and distributed to those Enterasys switches using Policy Manager. With Policy Manager, policy roles are easily defined and enforced on all Enterasys switches in the entire intelligent edge of the network, from one central location.

Enterasys NAC Design Guide 5-1
