Support User Manuals

Enterasys Networks 7S4280-19-SYS Computer Hardware User Manual

Open as PDF

of 108

General Management Considerations

Enterasys NAC Controller Hardware Installation Guide 6-3

General Management Considerations

ThefollowingaregeneralNAC Controllermanagementconfigurationconsiderations:

•TheLayer3NACControllerispositionedinbetweentworoutersonthenetwork.Onlyone

VLAN/subnetspansbetweentheseroutersasshowninFigure 6‐2.ForLayer3NAC

Controllerconfiguration,alldatatraffic(non‐managementtraffic)traversingtheNAC

Controllerbetweenthe

upstreamrouterandthedownstreamroutermustbeuntagged.The

reasonforthisisthattheNACControllerdoesnotpreserveVLANtaggingfordatatraffic

traversingtheappliance,regardlessofwhetherin‐bandorout‐of‐bandmanagementis

configured.Theupstreamanddownstreamroutersmustbeconfiguredwith

routedinterfaces

forthisVLAN/subnetasshownbelowwithIPaddresses20.20.20.2/24and202020.1/24.

Figure 6-2 Layer 3 NAC Controller Positioning

•WhenusingIn‐Bandmanagement:

–TwoIPaddressesareassignedtotheNACControllerwhenconfiguredforin‐band

management;amanagementIPaddressfortheNACControllerEngineanda

managementIPaddressfor

theNACControllerPEP.

–TheNACControllerEngineIPaddressandNACControllerPEPIPaddresses,masks,and

gatewaymustbepartofthesamesubnetthatspanstheupstreamanddownstream

routers.

–NomanagementVLANIDisrequired.AllmanagementtrafficsourcedfromtheNAC

ControllerEngineandNACController

PEPegressestheupstreamanddownstreamports

oftheNACControlleruntaggedontotheVLAN thatspansthetworouters,showas

shownbelow.

–AremediationwebserverIPaddressisnotrequired.Theremediationwebserverisrun

offofthemanagementIPaddressoftheNACControllerEngine.

–Alldirectly

connectedmanagementandrouterIPaddressesonthissubnetmustbe

specifiedduringthesetupprocessinordertoestablishIPconnectivityinto thetopology.

SeeFigure 6‐5onpage 6‐5foradiagramonlayer3In‐Bandmanagement.SeeFigure 6‐3on

page 6‐4foradiagramonlayer

2In‐Bandmanagement.

•WhenusingOut‐Of‐Bandmanagement:

–ThreeIPaddressesareassignedtotheLayer3NACControllerwhenconfiguredfor

out‐of‐bandmanagement;amanagementIPaddressandremediationIPaddressforthe

NACControllerEngineandamanagementIPaddressfortheNACControllerPEP.

previous next