Enterasys 2S4082-25-SYS Instalační příručka stáhnout pdf (Strana 27)

Secure Networks Policy Support

Enterasys NAC Controller Hardware Installation Guide 1-7

Standalone or Rack Mountable Chassis

TheEnterasys NAC Controllercanbeinstalledasafreestandingunitonashelfortable.Itcanalso

bemountedintoastandard48.26‐centimeter(19‐inch)equipmentrack.Referto“SiteGuidelines”

onpage 2‐1forrequirementsonventilationandcooling.

Secure Networks Policy Support

AfundamentalconceptthatiskeytotheimplementationoftheEnterasysSecureNetworks

methodologyispolicy‐enablednetworking.Thisapproachprovidesusersofthenetworkwiththe

resourcestheyneed‐inasecurefashion–whileatthesametimedenyingaccesstoapplicationsor

protocolsthataredeemedinappropriate

basedontheuser’sfunctionwithintheorganization.By

adoptingsucha“user‐personalized”model,itispossibleforbusinesspoliciestobetheguidelines

inestablishingthetechnologyarchitectureoftheenterprise.Twomajorobjectivesareachievedin

thisway:ITservicesarematchedappropriatelywithindividualusers;and

thenetworkitself

becomesanactiveparticipantintheorganization’ssecuritystrategy.TheSecureNetworks

architectureconsistsofthreetiers:

• Classificationrulesmakeupthefirstorbottomtier.TherulesapplytodevicesintheSecure

Networksenvironment,suchasswitchesandrouters.Therulesaredesignedtobe

implemented

atorneartheuser’spointofentrytothenetwork.Rulesmaybewrittenbased

oncriteriadefinedintheLayer2,Layer3orLayer4informa tionofthedataframe.

•ThemiddletierisServices,whicharecollectionsofindividualclassificationrules,grouped

logicallytoeitherpermit

ordenyaccesstoprotocolsorapplicationsbasedontheuser’srole 

withintheorganization.Priorityandbandwidthratelimitingmayalsobedefinedinservices.

•Roles,orbehavioralprofiles, makeupthetoptier.Therolesassignservicestovarious

businessfunctionsordepartments,suchasexecutive,sales,andengineering.



Toenhancesecurityanddeliveratruepolicy‐basedinfrastructure,theEnterasysSecureNetworks

methodologycantakeadvantageofauthenticationmethods,suchas802.1X,usingEAP‐TLS,

EAP‐TTLS,orPEAP,aswellasothertypesofauthentication.Authorizationinformation,attached

totheauthenticationresponse,determinestheapplicationofpolicy.

Authorizationinformationis

communicatedviathepolicynameinaRADIUSFilter‐IDattribute.Anadministratorcanalso

definearoletobeimplementedintheabsenceofanauthenticationframework.Refertothe

releasenotesshippedwiththemodulefordetails.

Standards Compatibility

TheNACControllerPEPsarefullycompliantwiththeIEEE802.3‐2002,802.3ae‐2002,

802.1D‐1998,and802.1Q‐1998standards.TheNACControllerPEPprovidesIEEE802.1D‐1998

SpanningTreeAlgorithm (STA)supporttoenhancetheoverallreliabilityofthenetworkand

protectagainst“loop”conditions.

LANVIEW Diagnostic LEDs

TheNACControllerPEPusesabuilt‐invisualdiagnosticandstatusmonitoringsystemcalled

LANVIEW.TheLANVIEWLEDsallowquickobservationofthenetworkstatustoaidin

diagnosingnetworkproblems.“LANVIEWLEDs”onpage 2‐2for informationaboutusingthe 

LEDsfortroubleshooting.

1 2 ... 22 23 24 25 26 27 28 29 30 31 32 ... 107 108

Komentáře k této Příručce

Žádné komentáře

Enterasys 2S4082-25-SYS Instalační příručka Strana 27

Komentáře k této Příručce

Související produkty a manuály pro Sítě Enterasys 2S4082-25-SYS