Installation guide

Sentriant AG Software Installation Guide, Version 5.2
1 Deployment Flexibility
Sentriant AG Version 5.2 allows you to deploy multiple Enforcement servers (ESs) across a network and
manage them from one central Management server (MS). You create logical groups of ESs by joining
them to an Enforcement cluster.
The Sentriant AG MS specifies many aspects of the Enforcement clusters; for example, the MS specifies
the enforcement method (inline, DHCP, or 802.1X), how often the endpoints are retested, the tests run
on the endpoints, and how to control the endpoints’ access.
The Sentriant AG ESs detect and test endpoints on the network for compliance.
You can deploy each Sentriant AG cluster in one of the following configurations:

Inline—When deployed inline, Sentriant AG monitors and enforces all endpoint traffic. In a single-server installation, Sentriant AG acts as a Layer 2 bridge that requires no changes to the network configuration. In a multiple-server installation, you might have to configure the switch that connects the Sentriant AG Enforcement servers to use Spanning Tree Protocol (STP) if STP is not already configured. Sentriant AG allows or blocks each endpoint's access to the network based on its Internet Protocol (IP) address, using a built-in firewall (iptables).

DHCP—When deployed inline with a Dynamic Host Configuration Protocol (DHCP) server, all DHCP requests pass through the Sentriant AG server's Layer 2 bridge. For a quarantined endpoint, Sentriant AG itself hands out the quarantine IP address; for an endpoint that is allowed access, Sentriant AG lets your real DHCP server hand out a non-quarantined IP address. The quarantine address Sentriant AG assigns is based on the quarantine area parameters you define during configuration. You can restrict a quarantined endpoint's network access either at the endpoint's gateway, using Access Control Lists (ACLs), or on the endpoint itself, by removing the endpoint's default gateway and adding static routes only for the networks it may reach.

802.1X—When deployed in an 802.1X environment, Sentriant AG must be installed where it can communicate with the Remote Authentication Dial-In User Service (RADIUS) server (or you can use the RADIUS server built into Sentriant AG). The RADIUS server communicates with the switch, and the switch performs the quarantining by moving ports or MAC addresses into and out of virtual local area networks (VLANs).
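The DHCP option above describes restricting a quarantined endpoint "on the endpoint" by removing its gateway and adding static routes for the networks it may reach. The standard way a DHCP server delivers such routes is the classless static route option (DHCP option 121, RFC 3442); a client that receives option 121 ignores the router option (option 3), so a route list without a 0.0.0.0/0 entry leaves the endpoint with no default gateway. The following is an added example, not code from the guide or from Sentriant AG, and it assumes nothing about how Sentriant AG actually builds its DHCP replies. The quarantine routes, addresses and the helper names (`encode_classless_routes`, `option_121`, `decode_classless_routes`, `has_default_route`) are constructed for illustration.

```python
import ipaddress

# Constructed quarantine-area parameters (hypothetical values, not from the guide).
# A quarantined endpoint should reach only the remediation subnet and the
# Enforcement server, both via the quarantine-segment router 10.10.99.1.
QUARANTINE_ROUTES = [
    ("10.10.50.0/24", "10.10.99.1"),  # remediation / patch server subnet
    ("10.10.99.5/32", "10.10.99.1"),  # hypothetical Enforcement server address
]


def encode_classless_routes(routes):
    """Encode (destination, router) pairs as the payload of DHCP option 121.

    RFC 3442 layout per route: one byte prefix length, then only the
    significant octets of the destination (ceil(prefixlen / 8) bytes), then
    the 4-byte router address. No 0.0.0.0/0 entry means no default route.
    """
    payload = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest, strict=True)
        plen = net.prefixlen
        significant = (plen + 7) // 8
        payload.append(plen)
        payload += net.network_address.packed[:significant]
        payload += ipaddress.IPv4Address(router).packed
    return bytes(payload)


def option_121(routes):
    """Wrap the payload in the code/length TLV form used inside a DHCP packet."""
    payload = encode_classless_routes(routes)
    if len(payload) > 255:
        # A single DHCP option carries at most 255 bytes; longer lists need
        # option concatenation (RFC 3396), which this example does not do.
        raise ValueError("option 121 payload exceeds single-option length")
    return bytes([121, len(payload)]) + payload


def decode_classless_routes(payload):
    """Parse an option 121 payload back into (destination, router) pairs.

    Rejects malformed input (bad prefix length, truncated route) instead of
    silently producing a partial route table.
    """
    routes = []
    i = 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError("prefix length %d is invalid" % plen)
        significant = (plen + 7) // 8
        i += 1
        dest_octets = payload[i:i + significant]
        if len(dest_octets) != significant:
            raise ValueError("truncated destination")
        dest_octets += b"\x00" * (4 - significant)
        i += significant
        router = payload[i:i + 4]
        if len(router) != 4:
            raise ValueError("truncated router address")
        i += 4
        dest = ipaddress.IPv4Network((dest_octets, plen))
        routes.append((str(dest), str(ipaddress.IPv4Address(router))))
    return routes


def has_default_route(routes):
    """True if the route list would give the endpoint a default gateway."""
    return any(ipaddress.IPv4Network(d).prefixlen == 0 for d, _ in routes)


if __name__ == "__main__":
    opt = option_121(QUARANTINE_ROUTES)
    print("option 121:", opt.hex())
    print("decoded   :", decode_classless_routes(opt[2:]))
    print("default route present:", has_default_route(QUARANTINE_ROUTES))
```

The check a practitioner wants here is `has_default_route`: a quarantine route list that accidentally includes 0.0.0.0/0 hands the endpoint a full default route and the on-endpoint restriction is gone. The decoder is deliberately strict, because a DHCP client or monitoring tool that tolerates truncated option data can end up with a different route table than the one the server intended to send.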