10.4. Network Infrastructure

The network switch infrastructure allows you to closely control access to the network.

When you want to control users and devices that get on the network, the closer you position the policies to the user, the more control you can have. In the case of network infrastructure, you can directly control whether the user can even get on the network, as well as what network he or she can access.

In an effort to make the network as secure as possible, move to a closed access network. The more closed, the better. By using NAC, you can control the actual ports on switches, which means that you no longer need a network drop that's open to the network, available for anyone to plug into. For example, say that a stranger walks into your building and sits down at a network computer that has an open network drop. What would he or she be able to access? If you have NAC, you don't have to worry about that scenario because you know that the NAC solution controls what he or she can see.

NAC can control and enforce policy in your network infrastructure in several different ways. Virtual local area networks (VLANs) are often used to segregate traffic and users. We take a deeper look at VLANs in the following section.

Two main technologies control the actual switch port:

  • 802.1X

  • SNMP

10.4.1. VLANs

In your typical Layer 2 switched environment, all user traffic happens on the same network. So, both compliant users and out-of-compliance machines use the same network.
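To make the port-control and VLAN ideas above concrete, here is an added example (not from the book or any NAC vendor) of the decision a NAC/RADIUS server returns to an 802.1X-enabled switch port. It covers both the "two technologies control the switch port" list and the point that compliant and non-compliant machines otherwise land on the same network: the server answers with an Access-Reject (port stays unauthorized) or an Access-Accept carrying the standard RFC 2868/RFC 3580 tunnel attributes that tell the switch which VLAN to place the port in. The VLAN numbers, the `Supplicant` fields and the guest/quarantine policy are assumptions constructed for the example; the attribute names and the values 13 (VLAN) and 6 (IEEE 802) are the real RADIUS values.

```python
"""Simplified NAC authorization for an 802.1X-controlled switch port.

Added example: models the answer a NAC/RADIUS server gives the switch
after the EAP exchange and the endpoint posture check. The switch acts on
the answer by leaving the port unauthorized or by assigning it a VLAN.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# RFC 2868 / RFC 3580 attribute values used for dynamic VLAN assignment.
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type = VLAN
TUNNEL_MEDIUM_TYPE_802 = 6     # Tunnel-Medium-Type = IEEE 802

# Constructed sample policy; VLAN IDs are assumptions for this example.
VLAN_EMPLOYEE = "10"           # full access for authenticated, compliant hosts
VLAN_GUEST = "20"              # Internet-only VLAN for hosts with no supplicant
VLAN_QUARANTINE = "99"         # remediation-only VLAN for non-compliant hosts


@dataclass
class Supplicant:
    username: Optional[str]    # None when the device never started 802.1X
    credentials_valid: bool    # outcome of the EAP authentication
    posture_compliant: bool    # outcome of the endpoint posture assessment


@dataclass
class PortDecision:
    authorized: bool
    vlan: Optional[str]
    reason: str

    def radius_attributes(self) -> Dict[str, object]:
        """Attributes the RADIUS server would put in its reply to the switch."""
        if not self.authorized:
            return {"Code": "Access-Reject"}
        return {
            "Code": "Access-Accept",
            "Tunnel-Type": TUNNEL_TYPE_VLAN,
            "Tunnel-Medium-Type": TUNNEL_MEDIUM_TYPE_802,
            "Tunnel-Private-Group-ID": self.vlan,
        }


def decide(supplicant: Supplicant, guest_vlan_enabled: bool = True) -> PortDecision:
    """Map identity and posture to a port state and VLAN.

    Order matters: a failed authentication is rejected before posture is
    considered, so an unauthenticated host can never reach the quarantine
    VLAN by claiming to be non-compliant.
    """
    if supplicant.username is None:
        # No 802.1X supplicant on the host (printer, visitor laptop, ...).
        if guest_vlan_enabled:
            return PortDecision(True, VLAN_GUEST, "no supplicant: guest VLAN")
        return PortDecision(False, None, "no supplicant and guest VLAN disabled")
    if not supplicant.credentials_valid:
        return PortDecision(False, None, "authentication failed")
    if not supplicant.posture_compliant:
        return PortDecision(True, VLAN_QUARANTINE, "authenticated but out of compliance")
    return PortDecision(True, VLAN_EMPLOYEE, "authenticated and compliant")


def port_state(decision: PortDecision) -> str:
    """What the switch does with the port after receiving the reply."""
    if not decision.authorized:
        return "port unauthorized: only EAPOL frames are forwarded"
    return f"port authorized in VLAN {decision.vlan}"


if __name__ == "__main__":
    # Constructed sample hosts plugging into 802.1X-controlled ports.
    samples = [
        Supplicant("alice", True, True),
        Supplicant("bob", True, False),
        Supplicant("mallory", False, False),
        Supplicant(None, False, False),
    ]
    for s in samples:
        d = decide(s)
        print(f"{s.username or '<no supplicant>':>16}: {port_state(d)}  [{d.reason}]")
        print(f"{'':>16}  reply -> {d.radius_attributes()}")
```

The quarantine VLAN is what turns "everyone is on the same Layer 2 network" into a closed network: the switch still brings the link up, but the port lands in a VLAN whose only reachable hosts are the remediation servers. Disabling the guest VLAN (`guest_vlan_enabled=False`) gives the stricter behaviour the section recommends, where a device with no supplicant gets nothing at all.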

Over the last several ...
