Introduction

ProCurve Network Access Controller 800

You can deploy each ProCurve NAC endpoint integrity cluster in one of the following configurations.

802.1X

When deploying ProCurve NAC in an 802.1X environment, you must install it where it can communicate with the Remote Authentication Dial-In User Service (RADIUS) server (or use the built-in RADIUS server on the ProCurve NAC 800). The RADIUS server communicates with the 802.1X authenticator, which performs the quarantining by moving ports or MAC addresses in and out of virtual local area networks (VLANs).

Inline

When deployed inline, ProCurve NAC monitors and enforces all client traffic. When ProCurve NAC is deployed as a single-server installation, it works as a Layer 2 bridge that requires no changes to the network configuration settings. When ProCurve NAC is installed in a multiple-server installation, you need to configure the switch that connects the ProCurve NAC Enforcement servers to use Spanning Tree Protocol (STP) if STP is not already configured.

ProCurve NAC uses a built-in firewall (iptables) to allow or block clients' access to the network based on their Internet Protocol (IP) address.

DHCP

When a ProCurve NAC appliance is deployed inline with a Dynamic Host Configuration Protocol (DHCP) server, all DHCP requests pass through the ProCurve NAC appliance’s Layer 2 bridge. For a quarantined client, the ProCurve NAC appliance distributes a quarantined IP address to the client. ProCurve NAC assigns a DHCP IP address based on the quarantine area parameters you define during configuration.

If the ProCurve NAC appliance allows the client to have access, it allows your real DHCP server to distribute a non-quarantined IP address. You can place restrictions on network access either at the gateway for the client using Access Control Lists (ACLs), or on the client by removing the client’s gateway and adding static routes for accessible networks.
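
One way to audit the client-side restriction described above (gateway removed, static routes only for accessible networks), as an added example that is not part of the HP manual. It assumes a Linux client whose `ip -4 route show` output is available as text; the subnets, the sample routing table, and the function name `audit_routes` are constructed for illustration.

```python
import ipaddress

# Constructed sample: `ip -4 route show` output from a quarantined Linux client.
SAMPLE_ROUTES = """\
10.99.0.0/24 dev eth0 proto kernel scope link src 10.99.0.57
192.168.50.0/24 via 10.99.0.1 dev eth0
172.16.0.0/16 via 10.99.0.1 dev eth0
"""

# Hypothetical quarantine-area parameters (assumed values, not product defaults).
QUARANTINE_SUBNET = ipaddress.IPv4Network("10.99.0.0/24")
ACCESSIBLE_NETWORKS = [ipaddress.IPv4Network("192.168.50.0/24")]


def audit_routes(route_text, quarantine_subnet, accessible):
    """Return findings; an empty list means the table matches the quarantine policy."""
    findings = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "default":
            findings.append(f"default gateway present: {line.strip()}")
            continue
        try:
            net = ipaddress.IPv4Network(fields[0], strict=False)
        except ValueError:
            # Report anything we cannot classify instead of silently passing it.
            findings.append(f"unparsed route: {line.strip()}")
            continue
        if net.prefixlen == 0:
            findings.append(f"default gateway present: {line.strip()}")
        elif "via" not in fields and net.subnet_of(quarantine_subnet):
            continue  # on-link route for the quarantine subnet itself
        elif any(net.subnet_of(allowed) for allowed in accessible):
            continue  # static route to a network the policy makes accessible
        else:
            findings.append(f"route outside accessible networks: {net}")
    return findings


if __name__ == "__main__":
    for finding in audit_routes(SAMPLE_ROUTES, QUARANTINE_SUBNET, ACCESSIBLE_NETWORKS):
        print(finding)
```

A non-empty result on a client that should be quarantined means the static-route restriction is not in effect on that client, so the gateway ACLs are the only remaining control.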
