Enterasys Networks 2S4082-25-SYS Manual

A SERVICE OF

next previous

Secure Networks Policy Support

Enterasys NAC Controller Hardware Installation Guide 1-7

Standalone or Rack Mountable Chassis

TheEnterasys NAC Controllercanbeinstalledasafreestandingunitonashelfortable.Itcanalso

bemountedintoastandard48.26‐centimeter(19‐inch)equipmentrack.Referto“SiteGuidelines”

onpage 2‐1forrequirementsonventilationandcooling.

Secure Networks Policy Support

AfundamentalconceptthatiskeytotheimplementationoftheEnterasysSecureNetworks

methodologyispolicy‐enablednetworking.Thisapproachprovidesusersofthenetworkwiththe

resourcestheyneed‐inasecurefashion–whileatthesametimedenyingaccesstoapplicationsor

protocolsthataredeemedinappropriate

basedontheuser’sfunctionwithintheorganization.By

adoptingsucha“user‐personalized”model,itispossibleforbusinesspoliciestobetheguidelines

inestablishingthetechnologyarchitectureoftheenterprise.Twomajorobjectivesareachievedin

thisway:ITservicesarematchedappropriatelywithindividualusers;and

thenetworkitself

becomesanactiveparticipantintheorganization’ssecuritystrategy.TheSecureNetworks

architectureconsistsofthreetiers:

• Classificationrulesmakeupthefirstorbottomtier.TherulesapplytodevicesintheSecure

Networksenvironment,suchasswitchesandrouters.Therulesaredesignedtobe

implemented

atorneartheuser’spointofentrytothenetwork.Rulesmaybewrittenbased

oncriteriadefinedintheLayer2,Layer3orLayer4informa tionofthedataframe.

•ThemiddletierisServices,whicharecollectionsofindividualclassificationrules,grouped

logicallytoeitherpermit

ordenyaccesstoprotocolsorapplicationsbasedontheuser’srole

withintheorganization.Priorityandbandwidthratelimitingmayalsobedefinedinservices.

•Roles,orbehavioralprofiles,makeupthetoptier.Therolesassignservicestovarious

businessfunctionsordepartments,suchasexecutive,sales,andengineering.



Toenhancesecurityanddeliveratruepolicy‐basedinfrastructure,theEnterasysSecureNetworks

methodologycantakeadvantageofauthenticationmethods,suchas802.1X,usingEAP‐TLS,

EAP‐TTLS,orPEAP,aswellasothertypesofauthentication.Authorizationinformation,attached

totheauthenticationresponse,determinestheapplicationofpolicy.

Authorizationinformationis

communicatedviathepolicynameinaRADIUSFilter‐IDattribute.Anadministratorcanalso

definearoletobeimplementedintheabsenceofanauthenticationframework.Refertothe

releasenotesshippedwiththemodulefordetails.

Standards Compatibility

TheNACControllerPEPsarefullycompliantwiththeIEEE802.3‐2002,802.3ae‐2002,

802.1D‐1998,and802.1Q‐1998standards.TheNACControllerPEPprovidesIEEE802.1D‐1998

SpanningTreeAlgorithm (STA)supporttoenhancetheoverallreliabilityofthenetworkand

protectagainst“loop”conditions.

LANVIEW Diagnostic LEDs

TheNACControllerPEPusesabuilt‐invisualdiagnosticandstatusmonitoringsystemcalled

LANVIEW.TheLANVIEWLEDsallowquickobservationofthenetworkstatustoaidin

diagnosingnetworkproblems.“LANVIEWLEDs”onpage 2‐2for informationaboutusingthe 

LEDsfortroubleshooting.