beautypg.com

Enterasys Networks 9034385 User Manual

Page 6

background image

iv

Chapter 3: Use Scenarios

Scenario 1: Intelligent Wired Access Edge ..................................................................................................... 3-1

Policy-Enabled Edge ................................................................................................................................ 3-2
RFC 3580 Capable Edge ......................................................................................................................... 3-3
Scenario 1 Implementation ...................................................................................................................... 3-4

Scenario 2: Intelligent Wireless Access Edge ................................................................................................ 3-5

Thin Wireless Edge .................................................................................................................................. 3-5
Thick Wireless Edge ................................................................................................................................ 3-7
Scenario 2 Implementation ...................................................................................................................... 3-8

Scenario 3: Non-intelligent Access Edge (Wired and Wireless) ..................................................................... 3-9

Scenario 3 Implementation .................................................................................................................... 3-11

Scenario 4: VPN Remote Access ................................................................................................................. 3-11

Scenario 4 Implementation .................................................................................................................... 3-12

Summary ...................................................................................................................................................... 3-13

Chapter 4: Design Planning

Identify the NAC Deployment Model .............................................................................................................. 4-1
Survey the Network ........................................................................................................................................ 4-2

1. Identify the Intelligent Edge of the Network .......................................................................................... 4-2
2. Evaluate Policy/VLAN and Authentication Configuration ..................................................................... 4-4

Case #1: No authentication method is deployed on the network. ......................................................4-4
Case #2: Authentication methods are deployed on the network. .......................................................4-5

3. Identify the Strategic Point for End-System Authorization ................................................................... 4-8
4. Identify Network Connection Methods ................................................................................................. 4-9

Wired LAN ..........................................................................................................................................4-9
Wireless LAN......................................................................................................................................4-9
Remote Access WAN .......................................................................................................................4-10
Site-to-Site VPN ...............................................................................................................................4-10
Remote Access VPN ........................................................................................................................4-11

Identify Inline or Out-of-band NAC Deployment ........................................................................................... 4-11
Summary ...................................................................................................................................................... 4-11

Chapter 5: Design Procedures

Procedures for Out-of-Band and Inline NAC .................................................................................................. 5-1

1. Identify Required NetSight Applications ............................................................................................... 5-1
2. Define Network Security Domains ....................................................................................................... 5-2

NAC Configurations............................................................................................................................5-3

3. Identify Required MAC and User Overrides ....................................................................................... 5-12

MAC Overrides .................................................................................................................................5-12
User Overrides .................................................................................................................................5-16

Assessment Design Procedures .................................................................................................................. 5-17

1. Determine the Number of Assessment Servers ................................................................................. 5-17
2. Determine Assessment Server Location ............................................................................................ 5-18
3. Identify Assessment Server Configuration ......................................................................................... 5-18

Out-of-Band NAC Design Procedures .......................................................................................................... 5-19

1. Identify Network Authentication Configuration ................................................................................... 5-19
2. Determine the Number of NAC Gateways ......................................................................................... 5-20
3. Determine NAC Gateway Location .................................................................................................... 5-22
4. Identify Backend RADIUS Server Interaction ..................................................................................... 5-23
5. Determine End-System Mobility Restrictions ..................................................................................... 5-23
6. VLAN Configuration ........................................................................................................................... 5-24
7. Policy Role Configuration ................................................................................................................... 5-24
8. Define NAC Access Policies .............................................................................................................. 5-24

Failsafe Policy and Accept Policy Configuration ..............................................................................5-25
Assessment Policy and Quarantine Policy Configuration.................................................................5-25

See also other documents in the category Enterasys Networks Tools: