802.1X Quarantine Method
NAC 800 and 802.1X
When configured as 802.1X-enabled, NAC 800 can be installed with three
different configurations depending on your network environment:
■ Microsoft IAS and NAC 800 IAS Plug-in
With this method, the switch is configured with the IAS server IP
address as the RADIUS server host. When the switch performs the
RADIUS authentication, IAS authenticates the user. If authentication
succeeds, IAS then calls the NAC 800 plug-in, which asks NAC 800 for
the health status of the endpoint. You can configure up to six NAC 800
server URLs. The plug-in iterates over the list of servers repeatedly,
attempting to connect to one of them. Once a connection is made, the
NAC 800 plug-in uses that server URL until it is no longer available,
at which point it iterates over the list of servers again. If necessary,
the NAC 800 plug-in overwrites the RADIUS attributes to specify the
VLAN to place the endpoint into. IAS then returns the results to the
switch.
■ Proxying RADIUS requests to an existing RADIUS server
With this method, the switch is configured with the NAC 800 IP
address as the RADIUS server host. When the switch performs the
RADIUS authentication against the NAC 800 server, NAC 800 proxies
the request to another RADIUS server. As long as that server supports
the authentication methods used by the client, it should allow and
authenticate the proxied requests. On successful authentication, when
the end RADIUS server returns the proxied request, NAC 800 overrides,
if necessary, the RADIUS attributes that tell the switch which VLAN
to place the endpoint in. NAC 800 then returns the authentication
results to the switch.
■ Using the built-in NAC 800 RADIUS server
With this method, all authentication takes place on the NAC 800
server. The switch is configured with the NAC 800 IP address as the
RADIUS server host. NAC 800 performs the authentication based on
the FreeRADIUS configuration, inserts RADIUS attributes specifying
into which VLAN to place the endpoint, and returns the result to the
switch.
When NAC 800 is used in an 802.1X network, the configuration is as shown in
Figure 11-2, and the communication flow is shown in Figure 11-3 on page 11-6.
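The plug-in behaviour described for the first method (sticky server selection with failover, then a VLAN override after successful authentication) can be modelled as follows. This is an added sketch, not NAC 800 or IAS plug-in code. Assumptions: the health values "healthy" and "quarantine", the RFC 3580 tunnel attributes, the `query` callable, and the behaviour when no server answers, which the guide does not state (the sketch quarantines unless `fail_open` is set).

```python
MAX_SERVERS = 6  # the guide allows up to six NAC 800 server URLs

def vlan_attrs(vlan_id):
    # RFC 3580 VLAN assignment attributes (assumed; the guide does not name them).
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": str(vlan_id)}

class HealthPlugin:
    """Hypothetical model of the plug-in's post-authentication step."""

    def __init__(self, urls, query, quarantine_vlan):
        if not 1 <= len(urls) <= MAX_SERVERS:
            raise ValueError("configure between one and six server URLs")
        self.urls = list(urls)
        self.query = query              # callable(url, endpoint) -> health status
        self.quarantine_vlan = quarantine_vlan
        self.current = None             # URL in use until it becomes unavailable

    def health(self, endpoint):
        # Try the server already in use first, then iterate over the list again.
        first = [self.current] if self.current else []
        for url in first + [u for u in self.urls if u != self.current]:
            try:
                status = self.query(url, endpoint)
            except ConnectionError:
                continue                # server unavailable, try the next URL
            self.current = url
            return status
        self.current = None
        return None                     # no configured server was reachable

    def post_auth(self, endpoint, accept_attrs, fail_open=False):
        # Runs only after the RADIUS server has already authenticated the user.
        status = self.health(endpoint)
        if status == "healthy" or (status is None and fail_open):
            return accept_attrs         # leave the RADIUS attributes untouched
        return {**accept_attrs, **vlan_attrs(self.quarantine_vlan)}

def make_query(down, verdicts):
    # Constructed stand-in for the NAC 800 health lookup; records each URL tried.
    calls = []
    def query(url, endpoint):
        calls.append(url)
        if url in down:
            raise ConnectionError(url)
        return verdicts.get(endpoint, "quarantine")
    return query, calls
```

Whether an unreachable health service should leave the endpoint on its production VLAN or quarantine it is a deployment decision worth making explicitly, since it determines what an outage of all configured servers does to access control.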
Page 3: ProCurve Network Access Controller 800, Release 1.1, Users Guide
[Figure 11-2: NAC 800 802.1X Enforcement (page 11-5)]
[Figure 11-3: 802.1X Communications (page 11-6)]
Page 586: Copyright 2007-2008 Hewlett-Packard Development Company, L.P. June 2008. Manual Part Number 5991-8571.