Security Solutions
3-97
Designing Access Controls
Choose RADIUS Servers
requires six NAC 800 ESs (preferably in at least two clusters) and one NAC
800 MS. In each cluster, only one or two NAC 800 ESs must act as RADIUS
servers. The other ESs can simply provide testing.
4. In a multi-site network, where will you place NAC 800s (at a central site
or at each site)?
The same access control architectures for RADIUS servers apply to NAC
800s. See “Choose an Access Control Architecture” on page 3-84.
However, you must take into account the fact that at least one NAC 800
ES (and more for the sake of redundancy) must receive mirrored DHCP
traffic. Unless your switches support remote traffic mirroring (as do the
ProCurve Switches 3500yl, 5400zl, and 6200yl), you must connect the NAC
800 ESs to the same switch to which DHCP servers connect. Even if your
switches do support remote mirroring, it is best practice to locate the NAC
800s as close to the DHCP servers as possible.
Note that one NAC 800 MS can manage up to 10 NAC ESs (with up to five
ESs per cluster). So, wherever you place MSs, you must have at least one
for every 10 ESs.