HP 800 Network Access Controller manual 802.1X, Inline

Page 7

Introduction

ProCurve Network Access Controller 800

You can deploy each ProCurve NAC endpoint integrity cluster in one of the following configurations.

802.1X

When deploying ProCurve NAC in an 802.1X environment, you must install it where it can communicate with the Remote Authentication Dial-In User Service (RADIUS) server (or, use the built-in RADIUS server on the ProCurve NAC 800). The RADIUS server communicates with the 802.1X authenticator, which performs the quarantining by moving ports or MAC addresses in and out of virtual local area networks (VLANs).

Inline

When deploying ProCurve NAC inline, it monitors and enforces all client traffic. When ProCurve NAC is deployed as a single-server installation, it works as a Layer 2 bridge that requires no changes to the network configura- tion settings. When ProCurve NAC is installed in a multiple-server installation, you need to configure the switch that connects the ProCurve NAC Enforce- ment servers to use Spanning Tree Protocol (STP) if STP is not already configured.

ProCurve NAC allows clients to access the network, or blocks clients from accessing the network based on their Internet Protocol (IP) address with a built-in firewall (iptables).

DHCP

When deploying a ProCurve NAC appliance inline with a Dynamic Host Configuration Protocol (DHCP) server, all DHCP requests pass through the ProCurve NAC appliance’s Layer 2 bridge. For a quarantined client, the ProCurve NAC appliance distributes a quarantined IP address for the client. ProCurve NAC assigns a DHCP IP address based on the quarantine area parameters you define during configuration.

If the ProCurve NAC appliance allows the client to have access, it allows your real DHCP server to distribute a non-quarantined IP address. You can place restrictions on network access either at the gateway for the client using Access Control Lists (ACLs), or on the client by removing the client’s gateway and adding static routes for accessible networks.

Introduction

1-3

Page 6 Page 8
Image 7
Page 6 Page 8
Contents Hardware Installation Guide ProCurve Network Access ControllerPublication Number Contents Recycle Statements Introduction ProCurve Network Access ControllerIntroduction ProCurve NAC 800 Endpoint Integrity SolutionInline 802.1XThis page intentionally left blank Quick Install Summary Quick InstallIncluded Parts Installation Precautions Hardware Specifications Prepare the Installation Site Installing the ApplianceRack Mounting the ProCurve NAC Mount the UnitProCurve NAC 800 rack mount example Horizontal Surface Mounting Connect the Unit to a Power SourceOptional Connect a Console to the Appliance Connect the Network CablesTerminal Configuration Initial Appliance Configuration To set the server IP Address Configuring via the Front LCD DisplayQuick Install Quick Install Quick Install This page intentionally left blank Safety Information Safety and EMC Regulatory StatementsTible de causer des dommages à léquipement Informations concernant la sécuritéGerät beschädigen kann Hinweise zur SicherheitAttrezzature Considerazioni sulla sicurezzaResultar en averías al equipo Consideraciones sobre seguridadSafety Information Japan Safety Information China Japan EMC Regulatory StatementsCanada Australia/New ZealandKorea Taiwan Safety and EMC Regulatory Statements Waste Electrical and Electronic Equipment Weee Statements Recycle StatementsRecycle Statements Recycle Statements Descarte de Lixo Elétrico na Comunidade Européia Numerics IndexPreparing the installation site … 2-5publication data … Rack This page intentionally left blank This page intentionally left blank This page intentionally left blank 5998-3237
Top Page Image Contents