Access Control Concepts

ProCurve NAC 800

If, on the other hand, the endpoint has the Quarantine or Infected posture, the user is placed in the quarantine or infected VLAN.

Network access in the quarantine and infected VLANs is limited, typically to remediation services, in one or several of these ways:

The endpoint is assigned (via dynamic settings created with IDM) a rate limit and list of accessible resources.

The NAC 800 acts as the endpoint’s DNS server and redirects the user’s Web browser away from all sites (except a limited list of accessible services).

Network infrastructure devices might impose static ACLs on the quarantine VLAN.
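The following is an added example, not taken from the ProCurve documentation or the NAC 800 itself: a small model of how the DNS redirection and a static quarantine ACL complement each other, with the rate limit left out. All names, addresses and rules are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (assumptions, not NAC 800 defaults).
NAC_IP = "10.0.30.5"                      # address handed out for redirected names
ALLOWED_DOMAINS = {"update.example.com", "av.example.net"}
UPSTREAM = {                              # stand-in for real DNS resolution
    "update.example.com": "192.0.2.10",
    "patches.update.example.com": "192.0.2.10",
    "www.example.org": "198.51.100.7",
}
QUARANTINE_ACL = [                        # first match wins, implicit deny at the end
    ("permit", "10.0.30.5/32", 53),       # DNS queries to the NAC
    ("permit", "10.0.30.5/32", 80),       # redirect landing page on the NAC
    ("permit", "192.0.2.10/32", 443),     # remediation server
]

def is_allowed_name(qname):
    """Match on whole DNS labels so look-alike names do not pass."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in ALLOWED_DOMAINS)

def quarantine_dns_answer(qname):
    """Return the real address for accessible services, the NAC for everything else."""
    name = qname.rstrip(".").lower()
    if is_allowed_name(name) and name in UPSTREAM:
        return UPSTREAM[name]
    return NAC_IP

def acl_permits(dst_ip, dst_port):
    """Evaluate the static ACL applied to the quarantine VLAN."""
    addr = ipaddress.ip_address(dst_ip)
    for action, network, port in QUARANTINE_ACL:
        if addr in ipaddress.ip_network(network) and port == dst_port:
            return action == "permit"
    return False                          # implicit deny

def flow_outcome(qname, port):
    """Resolve through the quarantine DNS, then apply the ACL to the result."""
    ip = quarantine_dns_answer(qname)
    return ip, acl_permits(ip, port)

if __name__ == "__main__":
    for name, port in [("update.example.com", 443), ("www.example.org", 80),
                       ("update.example.com.example.org", 443)]:
        print(name, port, flow_outcome(name, port))
    # An endpoint that skips DNS and connects by IP address is stopped only by the ACL.
    print("198.51.100.7", 443, acl_permits("198.51.100.7", 443))
```

The last line shows why DNS redirection alone does not confine an endpoint: traffic sent directly to an IP address never consults the NAC's DNS answers, so the static ACL is what drops it.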

Figure 1-7. The User Re-authenticates and Is Placed in the Appropriate VLAN
