Out-of-Band NAC Design Procedures

previously specified in the NAC configuration must be defined in NetSight Policy Manager to ensure the consistent allocation of network resources to connecting end‐systems.

Failsafe Policy and Accept Policy Configuration

The Failsafe Policy is assigned to end‐systems when an error occurs in the NAC process. An error state results if the end‐system's IP address could not be determined from its MAC address, or if there was an assessment error and an assessment of the end‐system could not take place.

For Enterasys policy‐enabled switches, a corresponding policy role (created in Policy Manager) should allocate a nonrestrictive set of network resources to the connecting end‐system so it can continue its connectivity on the network, even though an error occurred in the NAC process.

The Accept Policy is assigned to an end‐system when it has been authorized locally by the NAC Gateway and when an end‐system has passed an assessment (if an assessment was required), or if the Accept Policy has been configured to replace the Filter‐ID information returned in the RADIUS authentication messages.

For Enterasys policy‐enabled switches, a corresponding policy role (created in Policy Manager) would allocate the appropriate set of network resources for the end‐system depending on its role in the enterprise. For example, you might associate the Accept Policy with the “Enterprise User” role that is defined in the NetSight Policy Manager demo.pmd file.

Assessment Policy and Quarantine Policy Configuration

The Assessment Policy and Quarantine Policy are used when end‐system assessment is implemented in the NAC deployment. The policy roles shown in the Policy Manager window below correspond to the access policies used in NAC Manager. For example, the Assessing Policy role in Policy Manager corresponds to the Assessment Policy in NAC Manager. Note that the Administrator, Enterprise User, Enterprise Access, and Guest Access policy roles are also defined in the Policy Manager demo.pmd file.
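
The following added example (not part of the Enterasys guide and not an Enterasys API) models which policy an end‐system receives under the rules above and checks that every policy named in the NAC configuration has a role in Policy Manager. All class, field and function names are hypothetical; the sample role list is constructed; assigning the Assessment Policy while a scan is pending, the Quarantine Policy on a failed scan, and the Accept Policy when RADIUS returns no Filter‐ID are assumptions.

```python
# Added illustration: a model of the policy selection described in this section.
# Class, field and function names are hypothetical, not Enterasys NAC APIs.
from dataclasses import dataclass
from typing import Optional

@dataclass
class EndSystem:
    ip_resolved: bool = True                 # IP address determined from the MAC address
    authorized_locally: bool = False         # authorized by the NAC Gateway itself
    radius_filter_id: Optional[str] = None   # Filter-ID returned in the RADIUS reply
    assessment_required: bool = False
    assessment: Optional[str] = None         # None (pending), "pass", "fail" or "error"

@dataclass
class NacProfile:
    failsafe: str
    accept: str
    assessment: str
    quarantine: str
    replace_filter_id: bool = False          # Accept Policy replaces the RADIUS Filter-ID

def select_role(es, p):
    # Any error in the NAC process lands on the Failsafe Policy.
    if not es.ip_resolved or es.assessment == "error":
        return p.failsafe
    if es.assessment_required:
        if es.assessment is None:
            return p.assessment              # assumption: applied while the scan runs
        if es.assessment == "fail":
            return p.quarantine              # assumption: applied on a failed scan
    # Authorized, and assessment passed or not required.
    # Assumption: a RADIUS reply without a Filter-ID also falls back to Accept.
    if es.authorized_locally or p.replace_filter_id or es.radius_filter_id is None:
        return p.accept
    return es.radius_filter_id

def undefined_roles(p, policy_manager_roles):
    # Every policy named in the NAC configuration needs a Policy Manager role.
    used = {p.failsafe, p.accept, p.assessment, p.quarantine}
    return sorted(used - set(policy_manager_roles))

# Constructed sample data; "Failsafe" is deliberately missing from the role list.
PROFILE = NacProfile("Failsafe", "Enterprise User", "Assessing", "Quarantine")
PM_ROLES = ["Administrator", "Enterprise User", "Enterprise Access",
            "Guest Access", "Assessing", "Quarantine"]
```

Because the Failsafe role is nonrestrictive, an end‐system that reaches it has network access without a completed assessment, so a missing or misnamed Failsafe role and the rate at which end‐systems land on it are both worth reviewing.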

Enterasys NAC Design Guide 5-25


9034385 specifications

Enterasys Networks 9034385 is a powerful networking component designed to enhance enterprise-level connectivity and ensure robust network management capabilities. This device offers a wide range of features that cater to the demanding requirements of modern businesses, focusing on performance, reliability, and security.

One of the main features of the Enterasys Networks 9034385 is its advanced Layer 2 and Layer 3 switching capabilities, which enable efficient data processing and robust network performance. With support for various VLAN configurations, the device allows organizations to segment their networks effectively, leading to improved security and better traffic management.

Another critical aspect of the 9034385 is its support for high-speed connectivity. The device features multiple gigabit Ethernet ports, providing sufficient bandwidth for data-intensive applications commonly used in enterprise environments. The high-speed connections ensure that users can access applications and data quickly and reliably, minimizing latency issues that can affect productivity.

In terms of management, Enterasys Networks has equipped the 9034385 with advanced monitoring and diagnostic tools. These capabilities allow network administrators to track performance metrics, identify potential issues proactively, and make informed decisions about network resource allocation. The inclusion of SNMP (Simple Network Management Protocol) facilitates seamless integration with network management systems, providing comprehensive oversight of network health and performance.

Security is a paramount consideration for the 9034385, which incorporates advanced security protocols to protect sensitive data. Features such as port security, DHCP snooping, and dynamic ARP inspection help safeguard the network against unauthorized access and cyber threats. Furthermore, the device supports authentication mechanisms like 802.1X, ensuring that only authorized users and devices can connect to the network.

The Enterasys Networks 9034385 also stands out due to its seamless integration with cloud-based services and support for virtualization technologies. This compatibility enables organizations to adopt flexible architectures and manage their resources more efficiently. Additionally, the device is designed with scalability in mind, allowing businesses to expand their networks without significant hardware changes or disruptions.

Overall, the Enterasys Networks 9034385 is a versatile and powerful networking solution ideal for enterprises looking to enhance their network infrastructure while ensuring performance, security, and ease of management. The combination of advanced features and technologies makes it a valuable asset for businesses of all sizes striving for efficient and reliable connectivity.