Chapter 7: Quarantined Networks; New End-Users; Shared Resources; Untestable Endpoints And Dhcp Mode - Extreme Networks Sentriant AG Software User's Manual


7 Quarantined Networks
This chapter describes the following general Sentriant AG quarantine information:
"New End-Users"
"Shared Resources"
"Untestable Endpoints and DHCP Mode"

New End-Users

The process Sentriant AG follows for allowing end-users to connect is:
Inline mode: An IP address is assigned to the endpoint outside of Sentriant AG. When the end-user attempts to connect to the network, Sentriant AG either blocks access or allows access by adding the endpoint IP address to the internal firewall.
DHCP mode: New end-users boot their computers. The boot process looks for an IP address and, because they are new end-users and no information is known about the endpoints, a temporary quarantined IP address is assigned. The end-users log in on the Windows login screen. The end-users start IE and Sentriant AG attempts to test the endpoint. The endpoints either retain the quarantined IP address, or are assigned a non-quarantined network IP address based on the testing result.
802.1X mode: An endpoint attempts to connect to the network. The end-user's identity is verified via an authentication server. If the endpoint is not authenticated, it is quarantined (allowed access to a limited VLAN). If the endpoint is authenticated, it is tested by Sentriant AG. If the endpoint fails the Sentriant AG testing, it is quarantined (allowed access to a limited VLAN). If the endpoint passes the Sentriant AG testing, it is allowed access to the network (VLAN).

Shared Resources

If the end-users typically make connections to shared resources during the boot process, these shares are unable to connect while the endpoint has the quarantined IP address, unless the resources are listed in the Quarantine/guest resources area (see "Quarantine/guest resources" on page 123). Once the endpoints are assigned a non-quarantined IP address, the users can gain access to the shares by logging out of Windows and logging back into Windows. Rebooting the endpoints also works, but is not necessary.

Untestable Endpoints and DHCP Mode

If you have an endpoint that does not have a supported operating system, you can allow access or quarantine the endpoint. The current supported operating systems are listed in "Endpoints Supported" on page 154.

Sentriant AG Software Users Guide, Version 5.3
