Out-of-Band NAC Design Procedures

configuration if the security vulnerability is considered a risk for the organization. For more information on Nessus, refer to http://nessus.org/.

Out-of-Band NAC Design Procedures

The following section continues the Enterasys NAC design procedure with steps specifically relating to the implementation of out‐of‐band NAC with the NAC Gateway.

1. Identify Network Authentication Configuration

Since NAC Gateways utilize authentication for the detection of connecting end‐systems, it is necessary to identify which authentication methods are to be configured in the intelligent edge of the network. For more information on evaluating authentication on the network, see “Survey the Network” (page 4‐2).

The following considerations should be taken into account when deploying authentication on the network:

The capabilities of end‐systems connecting to the network.

Human‐centric devices may support user‐based authentication methods such as 802.1X or web‐based authentication only if an 802.1X supplicant or a web browser is supported on the end‐system. Machine‐centric devices most likely only support device‐based authentication methods like MAC authentication.

The types of users connecting to the network.

It is necessary to understand how authentication affects the different types of users connecting to the network and what implications this has for the NAC solution. For example, while trusted users authenticate using a set of valid credentials held in a directory on the network, untrusted or guest users may fail authentication upon connection.

The complexity involved in deploying authentication on the network, if it is not yet deployed.

Rolling out 802.1X authentication on the network requires extensive planning and mandates configuration and possible upgrade of infrastructure devices and end‐systems, and the dissemination of credentials to connecting users and devices. Since this is a significant undertaking, it may be desirable to utilize MAC‐based authentication for the initial rollout of NAC and migrate over to 802.1X over a period of time. This way, most benefits of NAC can be obtained in the short term while the infrastructure is readied for a full 802.1X authentication rollout.

The authentication method supported by the intelligent edge of the network.

Edge infrastructure devices may need to support multiple authentication methods concurrently to account for different devices connecting to the network. Furthermore, the authentication and authorization of multiple devices on a single port may also need to be supported.
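The considerations above can be checked against a survey inventory before any authentication is enabled. The following is an added example, not part of the Enterasys design guide: the inventory fields, the device and switch names, and the preference order 802.1X, then web, then MAC are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names, not from the design guide).
SWITCHES = {
    "edge-a": {"methods": {"802.1X", "web", "MAC"}, "concurrent": True, "max_per_port": 2},
    "edge-b": {"methods": {"MAC"}, "concurrent": False, "max_per_port": 1},
}
END_SYSTEMS = [
    {"name": "laptop-1", "at": ("edge-a", 1), "supplicant": True, "browser": True, "creds": True},
    {"name": "ip-phone-1", "at": ("edge-a", 1), "supplicant": False, "browser": False, "creds": False},
    {"name": "guest-laptop", "at": ("edge-a", 2), "supplicant": False, "browser": True, "creds": False},
    {"name": "printer-1", "at": ("edge-b", 1), "supplicant": False, "browser": False, "creds": False},
    {"name": "laptop-2", "at": ("edge-b", 2), "supplicant": True, "browser": True, "creds": True},
]

def pick_method(es, phase):
    """Method an end-system would use; the 'initial' phase is the MAC-only rollout."""
    if phase == "initial":
        return "MAC"
    if es["supplicant"]:
        return "802.1X"
    return "web" if es["browser"] else "MAC"

def plan(end_systems, switches, phase="target"):
    """Per edge port: methods required, capability gaps, expected auth failures."""
    by_port = defaultdict(list)
    for es in end_systems:
        by_port[es["at"]].append(es)
    report = []
    for (sw, port), devs in sorted(by_port.items()):
        caps, gaps = switches[sw], []
        needed = {pick_method(d, phase) for d in devs}
        if needed - caps["methods"]:
            gaps.append("unsupported: " + ",".join(sorted(needed - caps["methods"])))
        if len(needed) > 1 and not caps["concurrent"]:
            gaps.append("needs concurrent methods")
        if len(devs) > caps["max_per_port"]:
            gaps.append(f"{len(devs)} end-systems on port, limit {caps['max_per_port']}")
        # User-based methods need directory credentials; guests without them fail.
        fail = sorted(d["name"] for d in devs
                      if pick_method(d, phase) != "MAC" and not d["creds"])
        report.append({"port": f"{sw}/{port}", "methods": sorted(needed),
                       "gaps": gaps, "expect_fail": fail})
    return report

if __name__ == "__main__":
    for phase in ("initial", "target"):
        for row in plan(END_SYSTEMS, SWITCHES, phase):
            print(phase, row)
```

Comparing the "initial" and "target" reports shows which edge devices must be upgraded before the migration from MAC authentication to 802.1X can proceed.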

Enterasys NAC Design Guide 5-19
