Support User Manuals

Enterasys Networks 7S4280-19-SYS Computer Hardware User Manual

Open as PDF

of 108

Overview

6-2 Initializing the NAC Controller

TheportslocatedinthelowerrowsoftheNACControllerarereferredtoasʺdownstreamports,ʺ

andconnectdownlinktoinfrastructuredevicessuchasaccesslayerswitchesinthenetwork.The

twogigabitEthernetportslocatedatthetopoftheNACControllerarereferredtoasʺupstream

ports,ʺand

connectuplinktoupstreamdevicessuchascorerouters.The10/100Ethernetport

locatedatthetopoftheNACControllersupportsmanagementfunctionalitywithan

Out‐Of‐Bandmanagementconfiguration,asexplainedbelow.SeeFigure 6‐1forthelocationofthe

differentNAC Controllerporttypes.

Itisimportanttonote

thattheNACControllerappliancetransparentlybridgespacketsatlayer2

fromdownstreamportstoupstreamports,downstreamportstootherdownstreamports,

upstreamportstodownstreamports,andupstreamporttootherupstreamports. Therefore,itis

notnecessarytohavea1:1downstreamporttoupstreamportconfiguration

ontheNAC

Controller.Furthermore,thetrafficenforcementpointontheNACControllerisimplementedas

trafficingressedthedownstreamportsperMACaddressorIPaddressbeforethetrafficisbridged

throughtheNACControllertoanyotherport.Asaresultoftrafficsourcedfromanendsystem

being

appropriatelyfiltered(forexample:forwarded,discarded,containedtoaVLAN,or

prioritized)uponingresstotheNACControllerportbeforeitisbridged,theflowoftrafficfrom

eachdownstreamendsystem issecurelycontrolledtoallotherdevicesconnectedtoother

upstreamanddownstreamportsonthe NACController.

Figure 6-1 NAC Controller Ports

Figure 6‐3throughFigure 6‐6displaytheconfigurationtopologiesforthefourNAC Controller

installationtypes.Ineachcase,upstreamportsontheNACControllerconnecttothenetworkcore

inthedirectionofwheretheNetSightmanagementserverconnectstothenetwork,althoughitis

notnecessarytoconnecttheNetSight

managementserverupstreamfromtheNACController.

DownstreamportsontheNACControllerconnecttothenetworkedgewhereendsystemsare

connecting.

Note: Figure 6-1 displays a 2S4082-25-SYS, but NAC Controller ports are in the same

location on both systems.

previous next