Extreme Networks Sentriant AG Software User's Manual page 374
Hide thumbs
Also See for Sentriant AG:
- Installation manual (80 pages) ,
- User manual (422 pages) ,
- Software user's manual (526 pages)
Table of Contents
Advertisement
Troubleshooting Quarantined Endpoints
Table 18: Troubleshooting Quarantined Endpoints (continued)
Enforcement Mode
DHCP
Network
mode
enforcement
NOTES:
•
(*) The gateway does not have to be in the broadcast domain (which is good, since the netmask gives the
endpoint no real broadcast domain), as long as it is in the same (Layer 2) subnet—the router will get you
there.
•
(**) Allowing access to the Internet is up to the customer, but is necessary for access to any IP addresses in
Quarantine/guest resources (System configuration>>Cluster setting defaults area>>Quarantine/guest
resources).
374
How endpoints are quarantined and
redirected to Sentriant AG
DHCP server (Sentriant AG) gives the
endpoint:
•
Quarantine range IP address
•
Appropriate netmask for quarantine
subnet
•
Appropriate default gateway
•
Sentriant AG server's IP as DNS
server (will resolve everything
except Quarantine/guest resources
to the Sentriant AG IP address)
•
The switch is configured with
additional IP helper addresses to
forward broadcast DHCP requests to
ESs as well as production DHCP
servers.
Switches must be configured for
multinetting (multinetting segment) so
there can be two networks on the same
physical device (or devices) that
cohabitate, but they should not be able
to talk to one another as enforced by
the switch (using ACLs). Each port on
the switch will be allowed to be on
either the production or quarantine
network, and the switch will have a
secondary IP address assigned to the
gateway port (so there will be different
gateway IP addresses for the production
and quarantine networks).
How quarantined endpoints reach accessible
devices
Sentriant AG (fake root) DNS—As in
endpoint enforcement (for access to names
in Quarantine/guest resources). The DNS
server forwards requests for resources to a
real DHCP server for resolution.
ACLs on the switch prevent quarantined
systems from talking to production
systems, but allow for the following
specific traffic:
•
Quarantine --> Sentriant AG (OK)
•
Production --> Quarantine (OK)
•
Quarantine -|-> Production (NO)
•
Quarantine -?-> Internet (Maybe*)
Sentriant AG Software Users Guide, Version 5.3
Advertisement
Table of Contents
Related Manuals for Extreme Networks Sentriant AG
Related Products for Extreme Networks Sentriant AG
- Extreme Networks SSA-T8028-0652
- Extreme Networks ExtremeRouting SLX 9850-8
- Extreme Networks SA201
- Extreme Networks ExtremeSwitching SLX 9540
- Extreme Networks ExtremeSwitching SLX 9030-48S
- Extreme Networks ExtremeSwitching SLX9150-48Y-8C-AC-F
- Extreme Networks ExtremeSwitching SLX9150-48XT-6C
- Extreme Networks ExtremeSwitching SLX9250-32C