Making a Test Bed

In setting up the test bed for a series of NAC reviews, I ran into some interesting issues, some of which I want to lay out here and some of which I will explore in more depth later (at some point, I have to get some testing done). So in preparation for upcoming tests, I created my test bed.
My goal is always to make sure that the test bed works fully and then stabilize it. From that point, I should be able to insert different products with minimal change to the infrastructure other than cabling and integration. This lets me swap products in and out of the test bed quickly. I use a mix of products to help out, like Ghost to make images, VMware ESX Server, and big honking hard drives to store this stuff.

So, here is what I am building (see NAC Test Bed, right). Currently, access control is based on physical location and separated by VLANs. VLANs are a fine engineering tool, and while I don't advocate VLANs as a security technology, if your switches are current and you have complete control of your infrastructure, then properly deployed VLANs are acceptable layer 2 segmentation. Each location is on a separate VLAN and traffic moves from one subnet to another through a router. In the real world, I might replace that router with a firewall or some other in-line device; for my NAC test bed, it doesn't matter.

The details of this test bed are:

  • I am using Microsoft Windows 2003 Server SP2, fully patched, as an Active Directory in native W3K mode. Installed are IAS, Certificate Services, DHCP, DNS, and IIS. Normally, I would move some of these services off the AD machine and set up some redundancy.
  • I am using Symantec's AntiVirus Enterprise as an AV package since it is widely deployed. Frankly, any AV package that is widely supported should be acceptable in a test bed.
  • The Internal Network access switch is a Cisco 3750.
  • The router is a Cisco 2800 running IOS 12.4.
  • The Distribution Switch is a Cisco 3750G running IOS 12.2(25).
  • The Conference Room access switch is an HP ProCurve 2650-PWR running H.10.38.
  • Client hosts are a mix of Windows XP computers, MacOSX, and Linux.