User Manual

Table of Contents

NAC Design Guide
Notice
Contents
About This Guide
    Intended Audience
    Related Documents
    Getting Help
Overview
    NAC Solution Overview
        Key Functionality
        Deployment Models
    NAC Solution Components
        The NAC Appliance
            NAC Gateway Appliance
            NAC Controller Appliance
            Appliance Comparison
        NetSight Management
            NetSight NAC Manager
            NetSight Console
            NetSight Policy Manager
            NetSight Inventory Manager
        RADIUS Server
        Assessment Server
    Summary
NAC Deployment Models
    Model 1: End-System Detection and Tracking
        Implementation
            Out-of-Band NAC
            Inline NAC (Layer 2)
            Inline NAC (Layer 3)
        Features and Value
        Required and Optional Components
    Model 2: End-System Authorization
        Implementation
            Out-of-Band NAC
            Inline NAC
        Features and Value
        Required and Optional Components
    Model 3: End-System Authorization with Assessment
        Implementation
            Out-of-Band NAC
            Inline NAC
        Features and Value
        Required and Optional Components
    Model 4: End-System Authorization with Assessment and Remediation
        Implementation
            Out-of-Band NAC
            Inline NAC
        Features and Value
        Required and Optional Components
    Summary
Use Scenarios
    Scenario 1: Intelligent Wired Access Edge
        Policy-Enabled Edge
        RFC 3580 Capable Edge
        Scenario 1 Implementation
    Scenario 2: Intelligent Wireless Access Edge
        Thin Wireless Edge
        Thick Wireless Edge
        Scenario 2 Implementation
    Scenario 3: Non-intelligent Access Edge (Wired and Wireless)
        Scenario 3 Implementation
    Scenario 4: VPN Remote Access
        Scenario 4 Implementation
    Summary
Design Planning
    Identify the NAC Deployment Model
    Survey the Network
        1. Identify the Intelligent Edge of the Network
        2. Evaluate Policy/VLAN and Authentication Configuration
            Case #1: No authentication method is deployed on the network.
            Case #2: Authentication methods are deployed on the network.
        3. Identify the Strategic Point for End-System Authorization
        4. Identify Network Connection Methods
            Wired LAN
            Wireless LAN
            Remote Access WAN
            Site-to-Site VPN
            Remote Access VPN
    Identify Inline or Out-of-band NAC Deployment
    Summary
Design Procedures
    Procedures for Out-of-Band and Inline NAC
        1. Identify Required NetSight Applications
        2. Define Network Security Domains
            NAC Configurations
        3. Identify Required MAC and User Overrides
            MAC Overrides
            User Overrides
    Assessment Design Procedures
        1. Determine the Number of Assessment Servers
        2. Determine Assessment Server Location
        3. Identify Assessment Server Configuration
    Out-of-Band NAC Design Procedures
        1. Identify Network Authentication Configuration
        2. Determine the Number of NAC Gateways
        3. Determine NAC Gateway Location
        4. Identify Backend RADIUS Server Interaction
        5. Determine End-System Mobility Restrictions
        6. VLAN Configuration
        7. Policy Role Configuration
        8. Define NAC Access Policies
            Failsafe Policy and Accept Policy Configuration
            Assessment Policy and Quarantine Policy Configuration
            Unregistered Policy
    Inline NAC Design Procedures
        1. Determine NAC Controller Location
        2. Determine the Number of NAC Controllers
        3. Identify Backend RADIUS Server Interaction
        4. Define Policy Configuration
            Failsafe Policy and Accept Policy Configuration
            Assessment Policy and Quarantine Policy Configuration
            Unregistered Policy
    Additional Considerations
        NAC Deployment With an Intrusion Detection System (IDS)
        NAC Deployment With NetSight ASM

Size: 2.28 MB
Pages: 98
Language: English