Black Box ET0100A Appliance Trim Kit User Manual


 
EncrypTight User Guide 25
2 EncrypTight Deployment Planning
When deploying EncrypTight, you must plan the following:
- EncrypTight Component Connections
- Network Clock Synchronization
- IPv6 Address Support
- Certificate Support
- Network Addressing for IP Networks
EncrypTight Component Connections
EncrypTight can be managed in-line or out-of-band. When managing in-line, management traffic flows
through the data path. You must enable the Passing TLS traffic in the clear feature on all PEPs for
proper communication among EncrypTight components (ETEMS, ETPM, ETKMS, PEPs). When passing
TLS in the clear is enabled on Layer 2 PEPs, TLS and ARP packets are sent unencrypted.
If your network uses other routing protocols that need to pass in the clear, consider the following:
- At Layer 3, create policies to pass the routing protocols in the clear. The PEPs must also be
  configured to pass non-IP traffic in the clear (this is the default setting on the Advanced tab in
  ETEMS).
- At Layer 2, consider a separate out-of-band management network, or put the management traffic on a
  separate VLAN and create a Layer 2 policy to pass packets with this VLAN tag in the clear.
Customer support can advise you on a solution that works best in your network.
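The clear-pass rules above decide what leaves a Layer 2 PEP unencrypted. The following added example (not from the EncrypTight guide or product) models them in Python so that a set of frames can be audited for what would pass in the clear. The management VLAN ID 100, the use of TCP port 443 to recognise TLS, and all function names are assumptions.

```python
import struct

ETH_IPV4, ETH_ARP, ETH_VLAN = 0x0800, 0x0806, 0x8100
MGMT_VLAN = 100      # constructed management VLAN ID
TLS_PORTS = {443}    # assumption: TLS recognised by TCP port; the guide does not say how

def _is_tls(frame, off):
    """True if the IPv4 packet at `off` is TCP to or from an assumed TLS port."""
    if len(frame) < off + 20:
        return False
    ihl = (frame[off] & 0x0F) * 4
    if ihl < 20 or frame[off + 9] != 6 or len(frame) < off + ihl + 4:
        return False
    sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    return sport in TLS_PORTS or dport in TLS_PORTS

def classify(frame, mgmt_vlan=MGMT_VLAN, tls_clear=True):
    """Return 'clear' or 'encrypt' for one Ethernet frame under the modelled rules."""
    if len(frame) < 14:
        return "encrypt"                  # truncated frame: never treated as clear
    ethertype, off, vlan = struct.unpack_from("!H", frame, 12)[0], 14, None
    if ethertype == ETH_VLAN and len(frame) >= 18:   # 802.1Q: TCI, then inner Ethertype
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    if vlan is not None and vlan == mgmt_vlan:
        return "clear"                    # Layer 2 policy passing the management VLAN
    if tls_clear and (ethertype == ETH_ARP or
                      (ethertype == ETH_IPV4 and _is_tls(frame, off))):
        return "clear"                    # "Passing TLS traffic in the clear": TLS and ARP
    return "encrypt"

def eth(ethertype, payload, vlan=None):   # constructed frame, optionally 802.1Q-tagged
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    return b"\x02" * 12 + tag + struct.pack("!H", ethertype) + payload

def ipv4_tcp(sport, dport):               # constructed IPv4 header (protocol 6) + TCP ports
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2])
    return ip + struct.pack("!HH", sport, dport) + b"\x00" * 16

SAMPLES = {  # constructed frames
    "arp": eth(ETH_ARP, b"\x00" * 28),
    "tls": eth(ETH_IPV4, ipv4_tcp(50000, 443)),
    "http": eth(ETH_IPV4, ipv4_tcp(50000, 80)),
    "http_on_mgmt_vlan": eth(ETH_IPV4, ipv4_tcp(50000, 80), vlan=MGMT_VLAN),
    "http_on_other_vlan": eth(ETH_IPV4, ipv4_tcp(50000, 80), vlan=200),
}

def audit(samples=SAMPLES):               # sample name -> forwarding decision
    return {name: classify(frame) for name, frame in samples.items()}
```

In this model the http_on_mgmt_vlan frame comes back as clear: a VLAN pass policy exempts everything carrying that tag, so the management VLAN should carry management traffic only.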
Use local site policies
Local site policies allow you to create locally configured policies using CLI commands, without
requiring an EncrypTight ETKMS for key distribution. Using the local-site CLI commands you can
create manual key encryption policies, bypass policies, and discard policies at either Layer 2 or Layer
3. Mesh policies can be created by adding policies that share the identical keys and SPIs to multiple
ETEPs.
The primary use for local site policies is to facilitate in-line management in Layer 2 encrypted
networks. These policies supplement existing encryption policies, adding the flexibility to encrypt or
pass in the clear specific Layer 3 routing protocols, or Layer 2 Ethertypes and VLAN IDs.
For information on creating and using local site policies, see the CLI User Guide.
This chapter discusses connections between each of the EncrypTight components, providing in-line and
out-of-band examples.