Showing results for 
Search instead for 
Did you mean: 

SA deployment

New Contributor

SA deployment

Hi all,
There is the following situation in medical center with network:
and on the switches - users(staff, doctors and etc), servers(PACS, lab and etc.), wireless APs(802.1x)

The idea is to create different VLANs for the servers, and others for the different kind of users.
The role of the SA is to check and authenticate users and give them access only to the resources they need (access to different VLANs).

So I heard opinions that this could happened ("All they need is AAA and 802.1x switch") also this is impossible as this is internal network.
So I look at brochures, data sheets, learning ... and all I see is diagrams for remote users, partners, public computers and etc. Nothing is mentioned for internal lan.

So is this possible or not ?
And if possible where should they deploy the SA?

Occasional Contributor

Re: SA deployment

yes that is possible, deoploy the SA device behind the internet firewall. The way i usually set this up is with vlans and virtual ports. You can tag the vlans and set different roles to use different vlans. Each vlan will have its own routing table.

Super Contributor

Re: SA deployment

You can use the SA in this fashion, but really the SA is designed to be an outside to inside security platform.

I think what you really want for your situation is the UAC (Unified Access Control) product line. This is the product that is used for internal NAC (Network Access Control).

The forum where these are discussed is the Identity and Policy Control one.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) -
New Contributor

Re: SA deployment

Thanks for replies!

I first thought about UAC, but SA could give future aspect for a use both inside and outside. With UAC there is no growth.

Thats why I consider to offer SA.