Use scenarios, Scenario 1: intelligent wired access edge, Chapter 3: use scenarios – Enterasys Networks 9034385 User Manual

Enterasys NAC Design Guide
Chapter 3: Use Scenarios
This chapter describes four NAC use scenarios that illustrate how the type of NAC deployment is
directly dependent on the infrastructure devices deployed in the network. For some network
topologies, inline network access control utilizing the NAC Controller may be required, while for
other network configurations, the NAC Gateway implementing out‐of‐band NAC may be used.
The Enterasys NAC solution is capable of implementing network access control for all four use
scenarios as well as environments with mixed use scenarios that may require the concurrent
deployment of the NAC Gateway and the NAC Controller. Regardless of the scenario that is
deployed, all NAC Gateways and NAC Controllers are centrally managed by the NetSight NAC
Manager software application.
For the intelligent wired access edge and intelligent wireless access edge use scenarios, the term
“intelligent” refers to a network topology where the access edge is composed of Enterasys policy‐
enabled switches capable of supporting authentication and policy enforcement, or third‐party
switches capable of supporting authentication and dynamic VLAN assignment as defined in RFC
3580.
Scenario 1: Intelligent Wired Access Edge
In the intelligent wired access edge use scenario, the edge switches that compose the network
access layer are capable of providing authentication (802.1X, web‐based, or MAC) for connecting
end‐systems, and they are also capable of being an authorization point for these end‐systems
through Enterasys policy and/or dynamic VLAN assignment as specified in RFC 3580.
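The RFC 3580 dynamic VLAN assignment mentioned above is carried in three RADIUS tunnel attributes returned in the Access-Accept. The following is an added example, not part of the Enterasys guide, that parses and validates them in Python; the function names, the sample bytes and quarantine VLAN 999 are constructed for illustration.

```python
# Tunnel attribute numbers (RFC 2868) and the values RFC 3580 requires for a VLAN.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value (hypothetical helper)."""
    return bytes([attr_type, len(value) + 2]) + value

def parse_attributes(data: bytes) -> list:
    """Split a RADIUS attribute block into (type, value) pairs."""
    attrs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[offset], data[offset + 1]
        if length < 2 or offset + length > len(data):
            raise ValueError(f"bad length for attribute {attr_type}")
        attrs.append((attr_type, data[offset + 2:offset + length]))
        offset += length
    return attrs

def vlan_from_accept(data: bytes) -> int:
    """Return the VLAN ID the switch should apply; raise if the set is incomplete."""
    tunnels = {}  # tag -> {attribute type: decoded value}
    for attr_type, value in parse_attributes(data):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("expected 1-byte tag plus 3-byte value")
            tunnels.setdefault(value[0], {})[attr_type] = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet of 0x1F or less is a tag; anything higher starts the string.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[attr_type] = text.decode("ascii", "replace")
    for fields in tunnels.values():
        if (fields.get(TUNNEL_TYPE) == TYPE_VLAN
                and fields.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_IEEE_802
                and str(fields.get(TUNNEL_PRIVATE_GROUP_ID, "")).isdigit()
                and 1 <= int(fields[TUNNEL_PRIVATE_GROUP_ID]) <= 4094):
            return int(fields[TUNNEL_PRIVATE_GROUP_ID])
    raise ValueError("no complete RFC 3580 VLAN assignment in Access-Accept")

# Constructed sample: attributes assigning a hypothetical quarantine VLAN 999.
SAMPLE_ACCEPT = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
                 + attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
                 + attr(TUNNEL_PRIVATE_GROUP_ID, b"999"))

if __name__ == "__main__":
    print("assigned VLAN:", vlan_from_accept(SAMPLE_ACCEPT))
```

A check like this fails closed: an Access-Accept missing any of the three attributes, or naming a VLAN outside 1 to 4094, is rejected rather than silently leaving the end-system on the port's default VLAN.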
For this use scenario, the NAC Gateway appliance is deployed for out‐of‐band network access
control, leveraging the intelligent infrastructure devices in the access edge as the authorization
point for connecting end‐systems.
It is important to note that Enterasys policy‐enabled switches provide increased security over
third‐party switches that support RFC 3580. By using port‐level granular traffic control, users
quarantined with Enterasys policy can be restricted from communicating with other quarantined
users, even if co‐located on the same VLAN. In a Quarantine VLAN as implemented on third‐
party RFC 3580 capable switches, a quarantined user poses a threat to other quarantined users
For information about...
Scenario 1: Intelligent Wired Access Edge
Scenario 2: Intelligent Wireless Access Edge
Scenario 3: Non-intelligent Access Edge (Wired and Wireless)