We have a customer who has a small network with 20 Cisco Switches, 2960 & 3560 and the customer want to switchover to Enterasys / Extrem.
We have as a first step a new SSA150 System and the whole software Suite with NMS and NAC on the customer site.
Now my Job is to integrate the Cisco Switches into the Enterasys NAC Solution.
Is there any kind of Material or how to ́s .. how to integrate a Cisco Switch into a NAC manager ? I know that I have to configure the ports on the Cisco ́s to Mac Authentification and the NAC Solution ist the Server... but it would be great to see an example from the real world.
I have already integrated all the ciscos into the Netsight with SNMP V2 and actually i can monitor traffic and port actions on the Cisco ́s
On the first step I want to configure the NAC Solution that it ́s only listen to MAC Auth requests without doing any action on the ports of the Switch ... to build up a NAC Database.
Later I want to change the NAC Solution to allow the traffic for all mac addresses on a white list and to block all new addresses.
Some Questions for the Future :
- is it possible that Enterasys NAC with Netsight also can switch VLAN on a ciso switch to bring a device with a new mac into a Isolation VLAN ??
- i have a SSA 150 as a core device .. can i configure all the ciscos to act as dumb forwarding NAC Requests to this SSA and make there on the port also multiple Request with MAC Auth and 802.3 Auth and WEB Auth ? because the SSA 150 can have multiple Kind of authenthification on one port.
i could connect every cisco Switch on one port of the ssa 150 and acctivate the multile Auth on this Port ... to use the Ciscos only as dumb forwarders... ( i this right ? )
As I understood this feature of multiple policys on one port is only valid for Enterasys B-Series and above but would it work if a Cisco switch with 24 Ports will connect to one port of a SSA150 ?