Enterasys Networks 9034385 manual Out-of-Band NAC Design Procedures

Out-of-Band NAC Design Procedures


configuration if the security vulnerability is considered a risk for the organization. For more information on Nessus, refer to http://nessus.org/.

Out-of-Band NAC Design Procedures

The following section continues the Enterasys NAC design procedure with steps specifically relating to the implementation of out‐of‐band NAC with the NAC Gateway.

1. Identify Network Authentication Configuration

Since NAC Gateways utilize authentication for the detection of connecting end‐systems, it is necessary to identify which authentication methods are to be configured in the intelligent edge of the network. For more information on evaluating authentication on the network, see “Survey the Network” (page 4‐2).

The following considerations should be taken into account when deploying authentication on the network:

• The capabilities of end‐systems connecting to the network.

  Human‐centric devices may support user‐based authentication methods such as 802.1X or web‐based authentication only if an 802.1X supplicant or a web browser is supported on the end‐system. Machine‐centric devices most likely only support device‐based authentication methods like MAC authentication.

• The types of users connecting to the network.

  It is necessary to understand how authentication affects the different types of users connecting to the network and what implications this has on the NAC solution. For example, while trusted users authenticate using a set of valid credentials held in a directory on the network, untrusted or guest users may fail authentication upon connection.

• The complexity involved in deploying authentication on the network, if it is not yet deployed.

  Rolling out 802.1X authentication on the network requires extensive planning and mandates configuration and possible upgrade of infrastructure devices and end‐systems, and the dissemination of credentials to connecting users and devices. Since this is a significant undertaking, it may be desirable to utilize MAC‐based authentication for the initial rollout of NAC and migrate over to 802.1X over a period of time. This way, most benefits of NAC can be obtained in the short term while the infrastructure is readied for a full 802.1X authentication rollout.

• The authentication method supported by the intelligent edge of the network.

  Edge infrastructure devices may need to support multiple authentication methods concurrently to account for different devices connecting to the network. Furthermore, the authentication and authorization of multiple devices on a single port may also need to be supported.
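The considerations above can be turned into a per-port requirements check during the network survey. The following Python sketch is an added example, not part of the Enterasys guide. The survey rows, port names, and the preference order (802.1X, then web, then MAC) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed survey data (not from the guide): one row per end-system.
# Fields: name, switch port, has 802.1X supplicant, has web browser.
SURVEY = [
    ("laptop-01",  "sw1:ge.1.1", True,  True),
    ("guest-pc",   "sw1:ge.1.2", False, True),
    ("ip-phone-7", "sw1:ge.1.3", False, False),
    ("desk-pc-7",  "sw1:ge.1.3", True,  True),   # PC behind the phone
    ("printer-3",  "sw1:ge.1.4", False, False),
]

def target_method(has_supplicant, has_browser):
    """Method an end-system can perform (preference order is assumed)."""
    if has_supplicant:
        return "802.1X"
    if has_browser:
        return "web"
    return "MAC"          # machine-centric device: device-based only

def port_requirements(survey, phase="target"):
    """Per-port methods the edge must run, and whether it must
    authenticate more than one end-system on that port.
    phase="initial" models a MAC-only first rollout; "target" models
    the end state after migration to user-based methods."""
    methods, count = defaultdict(set), defaultdict(int)
    for _name, port, supp, browser in survey:
        m = "MAC" if phase == "initial" else target_method(supp, browser)
        methods[port].add(m)
        count[port] += 1
    return {p: {"methods": sorted(methods[p]),
                "multi_user": count[p] > 1,
                "multi_method": len(methods[p]) > 1}
            for p in methods}

def migration_gap(survey):
    """Ports whose required method set changes between the phases."""
    initial = port_requirements(survey, "initial")
    target = port_requirements(survey, "target")
    return sorted(p for p in target
                  if target[p]["methods"] != initial[p]["methods"])

if __name__ == "__main__":
    for port, req in sorted(port_requirements(SURVEY).items()):
        print(port, req)
    print("ports to reconfigure on migration:", migration_gap(SURVEY))
```

Ports flagged `multi_user` or `multi_method` are the ones where the edge device's support for multiple concurrent methods and multiple end-systems per port has to be confirmed before rollout.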

Enterasys NAC Design Guide 5-19
