New Users; Shared Resources; Untestable Endpoints And Dhcp Mode - Extreme Networks AG200 User Manual

Version 5.0

Quarantined Networks

New Users

The process Sentriant AG follows for allowing end-users to connect is:

Inline mode—An IP address is assigned to the endpoint outside of Sentriant AG. When the end-user attempts to connect to the network, Sentriant AG either blocks access or allows access by adding the endpoint IP address to the internal firewall.

DHCP mode—New end-users boot their computers. The boot process looks for an IP address and, because they are new end-users and no information is known about the endpoints, a temporary quarantined IP address is assigned. The end-users log in on the Windows login screen. The end-users start IE and Sentriant AG attempts to test the endpoint. The endpoints either retain the quarantined IP address, or are assigned a non-quarantined network IP address based on the testing result.

802.1X mode—An endpoint attempts to connect to the network. The end-user's identity is verified via an authentication server. If the endpoint is not authenticated, it is quarantined (allowed access to a limited VLAN). If the endpoint is authenticated, it is tested by Sentriant AG. If the endpoint fails the Sentriant AG testing, it is quarantined (allowed access to a limited VLAN). If the endpoint passes the Sentriant AG testing, it is allowed access to the network (VLAN).

Shared Resources

If the end-users typically make connections to shared services and endpoints during the boot process, these shares are unable to connect while the endpoint has the quarantined IP address, unless the services and endpoints are listed in the Accessible services and endpoints area (see "Accessible Services" on page 115). Once the endpoints are assigned a non-quarantined IP address, the users can gain access to the shares by logging out of Windows and logging back into Windows. Rebooting the endpoints also works, but is not necessary.

Untestable Endpoints and DHCP Mode

If you have an endpoint that does not have a supported operating system, you can allow access or quarantine the endpoint. The current supported operating systems are listed in "Endpoints Supported" on page 147.

If you allow an untested endpoint to have access, there are several important items to keep in mind. The IP address granted by your DHCP server has a lease expiration period that cannot be affected by the Sentriant AG server. Once an untested endpoint has been allowed access and assigned a non-quarantined IP address by your DHCP server, that endpoint has continual access through that IP address until the IP address lease expires. For example, you are not able to quarantine that endpoint (or effect any other action on that endpoint) with Sentriant AG until the lease expires. It is not unusual for system administrators to set a lease expiration time of three or more days.
NOTE
The access status column on the Endpoint activity window shows unable to quarantine, and the action cannot complete until the IP address lease expires.
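As an added example that is not part of the Sentriant AG manual, the following script estimates the exposure window this note describes: for each active DHCP lease, how long an endpoint admitted untested keeps access before Sentriant AG can quarantine it. It assumes ISC dhcpd-style lease records; the lease data and the "current time" are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in ISC dhcpd.leases syntax (UTC timestamps; the digit in
# front of each date is the weekday and is ignored).
SAMPLE_LEASES = """
lease 10.20.30.41 {
  starts 1 2024/06/10 08:00:00;
  ends 4 2024/06/13 08:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.20.30.42 {
  starts 1 2024/06/10 08:05:00;
  ends 1 2024/06/10 16:05:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.20.30.43 {
  starts 1 2024/06/10 08:10:00;
  ends 1 2024/06/10 10:10:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:77;
}
"""
NOW = datetime(2024, 6, 10, 9, 0, tzinfo=timezone.utc)  # constructed "current time"
LEASE_RE = re.compile(r"lease\s+(?P<ip>[\d.]+)\s*\{(?P<body>.*?)\}", re.DOTALL)
TIME_RE = re.compile(r"^\s*(starts|ends)\s+\d\s+(\S+ \S+);", re.MULTILINE)

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)

def parse_leases(text: str) -> list[dict]:
    """One dict per lease record: ip, mac, state, starts, ends."""
    leases = []
    for m in LEASE_RE.finditer(text):
        body = m.group("body")
        times = dict(TIME_RE.findall(body))
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        state = re.search(r"binding state (\w+);", body)
        leases.append({"ip": m.group("ip"), "mac": mac and mac.group(1),
                       "state": state and state.group(1),
                       "starts": _ts(times["starts"]), "ends": _ts(times["ends"])})
    return leases

def unquarantinable_until(text: str, now: datetime, min_hours: float = 1.0) -> dict:
    """Active leases with more than min_hours left. An untested endpoint holding
    one keeps access, and cannot be quarantined, until the lease ends."""
    return {l["ip"]: l["ends"] - now for l in parse_leases(text)
            if l["state"] == "active" and l["ends"] - now > timedelta(hours=min_hours)}
```

Running it against the sample shows the three-day lease on 10.20.30.41 leaving that endpoint beyond reach for another 71 hours, which is the situation the note warns about.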
212
Sentriant AG Users' Guide, Version 5.0
