10.3. Inline Appliances
Inline appliances can add NAC functionality to your network. You can transparently layer these appliances on top of the existing network infrastructure, so you can very easily roll out NAC. When you add inline appliances you don't have to re-architect your network just to add NAC.
Inline appliances allow you to differentiate between different users and devices on the network, and enforce different policies for each user and device.
|
All users are connected to the corporate network and receive an IP address in the same Layer 3 network. They all get addresses from DHCP and can see the datacenter. You need a way to differentiate between the different users in the same network — which is what an inline appliance enables you to do.
Inline appliances allow you to enforce different policies for different users who are in the same network. But the appliance needs to sit inline in the traffic flow between the user and the appliance (or resource) to which you want to control access. You typically place an inline appliance in front of a datacenter or server location.
You can use two main types of inline devices: A firewall or hardware-based enforcement device, and a NAC appliance.
10.3.1. Firewalls
A firewall is a hardware appliance that's designed to enforce network policies at high speed. This appliance sounds like a perfect device to use for ...
Get Network Access Control For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.