Enterasys Networks 9034385 User Overrides, 3 MAC Override Configuration Guidelines continued

Models: 9034385

User Overrides

Procedures for Out-of-Band and Inline NAC

Table 5-3 MAC Override Configuration Guidelines (continued)

Network Scenario:
A device, or class of devices, needs to be permitted a special level of network access (“whitelisted”) in a particular Security Domain or in all Security Domains.

Examples:
Permitting an unrestricted level of access for end-systems that belong to IT operations.

Security Domain Configuration:
In NAC Manager, create a MAC override with the following attributes:

- Specify either the full MAC address or the MAC address OUI.
- Select the Security Domain or all Security Domains for the MAC override scope.
- For the assessment, authentication, and authorization configuration, choose a NAC Configuration or specify a custom configuration with the following parameters:
  - Select the “Proxy RADIUS request to a RADIUS Server” radio button.
  - Check “Authorize MAC Authentication Requests Locally” so MAC authentication attempts by these devices are assigned the Accept Policy.
  - Check “Replace RADIUS Attributes with Accept Policy” so the policy information returned from the RADIUS server is overwritten by the Accept Policy.
  - Specify “Administrator” as the Accept Policy to allow unlimited access for these devices.
  - Uncheck the “Enable Assessment” checkbox so these devices are not assessed for security posture compliance.

User Overrides

A user override lets you create a configuration for a specific end user, based on the user name. For example, you could create a user override that gives a trusted end user immediate network access without performing an assessment.

User overrides can be used in network scenarios similar to those described for MAC overrides:

A specific user that requires a distinct set of parameters for authentication, assessment, and authorization. For example, a user override can be configured for executives of a corporation to permit immediate network access without assigning the Assessment Policy during end-system assessment.

A specific user can be restricted network access (“blacklisted”) for a particular Security Domain or all Security Domains, by associating the username with the Accept Policy of “Quarantine” or by sending a RADIUS Access‐Reject for this user. For example, an employee can be restricted access to a certain area of the network, or students can be denied network access during an exam.

A specific user can be permitted a special level of network access (“whitelisted”) by associating the username with the Accept Policy of “Administrator” to allow unlimited network access.
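The MAC override row in Table 5-3 and the user override scenarios above describe the same decision: match an end-system (by full MAC, by OUI, or by user name) within a Security Domain scope, then apply an Accept Policy, replace what the RADIUS server returned, skip assessment, or send an Access-Reject. The following Python model, written for this guide as an added example and not code from Enterasys or NAC Manager, shows that decision logic together with an audit that lists the broadest grants. The override names, the OUI 00:11:22, the domain names, the `"*"` marker for "all Security Domains", and the list-order precedence are all constructed assumptions; the real product's evaluation order is not documented on this page.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ALL_DOMAINS = "*"  # constructed marker meaning "all Security Domains"


def normalize_mac(mac: str) -> str:
    """Accept 00-11-22-33-44-55, 0011.2233.4455 or an OUI such as 00:11:22 and
    return lower-case colon form; anything but 6 or 12 hex digits is rejected."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) not in (6, 12):
        raise ValueError(f"not a MAC address or OUI: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))


@dataclass(frozen=True)
class Override:
    name: str
    kind: str                       # "mac" or "user"
    match: str                      # full MAC, OUI, or user name
    domains: FrozenSet[str]         # Security Domains in scope; {ALL_DOMAINS} = all
    accept_policy: Optional[str]    # None models "send a RADIUS Access-Reject"
    authorize_mac_locally: bool = False      # "Authorize MAC Authentication Requests Locally"
    replace_radius_attributes: bool = False  # "Replace RADIUS Attributes with Accept Policy"
    assessment_enabled: bool = True          # "Enable Assessment" checkbox

    def is_oui(self) -> bool:
        return self.kind == "mac" and len(normalize_mac(self.match)) == 8

    def matches(self, domain: str, mac: Optional[str], username: Optional[str]) -> bool:
        if ALL_DOMAINS not in self.domains and domain not in self.domains:
            return False
        if self.kind == "user":
            return username is not None and username.lower() == self.match.lower()
        if mac is None:
            return False
        wanted, got = normalize_mac(self.match), normalize_mac(mac)
        return got.startswith(wanted + ":") if self.is_oui() else got == wanted


def resolve(overrides: List[Override], domain: str, mac: Optional[str] = None,
            username: Optional[str] = None, radius_policy: Optional[str] = None
            ) -> Tuple[str, Optional[str], bool]:
    """Return (decision, policy, assess) for one authentication request.

    radius_policy is the policy an upstream RADIUS server returned for a user
    login; None means a MAC authentication request. Overrides are tried in list
    order, which is an assumption of this model, not documented NAC precedence."""
    for ov in overrides:
        if not ov.matches(domain, mac, username):
            continue
        if ov.accept_policy is None:
            return ("reject", None, False)
        if radius_policy is None:
            # MAC authentication: the Accept Policy is assigned only when the
            # override authorizes locally; otherwise the request is proxied on.
            if not ov.authorize_mac_locally:
                return ("proxy", None, ov.assessment_enabled)
            return ("accept", ov.accept_policy, ov.assessment_enabled)
        policy = ov.accept_policy if ov.replace_radius_attributes else radius_policy
        return ("accept", policy, ov.assessment_enabled)
    return ("no-override", radius_policy, True)


def audit_broad_grants(overrides: List[Override]) -> List[str]:
    """Names of overrides that grant Administrator with assessment disabled and
    a broad match (an OUI, or all Security Domains). These deserve periodic
    review: a MAC address is an identifier, not an authenticated credential."""
    return [ov.name for ov in overrides
            if ov.accept_policy == "Administrator" and not ov.assessment_enabled
            and (ov.is_oui() or ALL_DOMAINS in ov.domains)]


# Constructed sample configuration (names, OUI and domains are made up).
SAMPLE_OVERRIDES = [
    Override("it-ops-whitelist", "mac", "00:11:22", frozenset({ALL_DOMAINS}),
             "Administrator", authorize_mac_locally=True,
             replace_radius_attributes=True, assessment_enabled=False),
    Override("exam-lockdown", "user", "student1", frozenset({"Dorm"}),
             "Quarantine", replace_radius_attributes=True),
    Override("former-contractor", "user", "contractor", frozenset({ALL_DOMAINS}), None),
]

if __name__ == "__main__":
    print(resolve(SAMPLE_OVERRIDES, "Dorm", mac="00-11-22-33-44-55"))
    print(resolve(SAMPLE_OVERRIDES, "Dorm", mac="aa:bb:cc:dd:ee:ff",
                  username="student1", radius_policy="Student"))
    print(resolve(SAMPLE_OVERRIDES, "Lab", username="contractor"))
    print(audit_broad_grants(SAMPLE_OVERRIDES))
```

Running the module shows the IT operations device (matched by OUI in any domain) accepted with the Administrator policy and assessment skipped, the quarantined student overriding whatever policy RADIUS returned, and the contractor rejected outright. `audit_broad_grants` is the check a reviewer of a NAC configuration would want: every Administrator grant that also turns assessment off and matches by OUI or across all Security Domains is listed, since those are the entries with the largest blast radius if the matched identifier is wrong or borrowed.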

It is important to note that the Layer 3 NAC Controller may not determine the true MAC address of the downstream connected end‐system. In this case, a MAC override configured in NAC

5-16 Design Procedures
