Security Solutions

1-53
Access Control Concepts
ProCurve NAC 800
EAP
• PEAP with MS-CHAPv2
• TLS
• TTLS with MD5
• GTC
• LEAP
The NAC 800’s FreeRADIUS server can also log users’ activity and function as
an accounting server.
To configure the NAC 800 to provide RADIUS services, you choose the 802.1X
deployment and quarantining method. You then prevent the NAC 800 from
testing endpoint integrity.
NAC 800 as Both a RADIUS Server and an Endpoint Integrity Solution
The NAC 800, with its built-in FreeRADIUS server, offers services on both
network access control fronts. To provide both RADIUS and endpoint integrity
services, the NAC 800 must be deployed with the 802.1X method.
The NAC 800 then acts as a PDP that includes these factors in its decisions:
• User’s authentication status as determined by its built-in FreeRADIUS
  server
  As described in the section above, the NAC 800 can draw on several
  remote policy repositories to authenticate the user.
  Note: You can use IDM to manage a NAC 800’s local database as an alternative
  to having the NAC 800 query a remote policy repository such as a
  directory.
• Endpoint integrity posture
  If the user authenticates successfully, the NAC 800 decides whether his
  or her endpoint should receive normal network access or quarantined
  access. This decision is based on the endpoint’s compliance with NAC
  policies. After the NAC 800 tests the endpoint, it makes another access
  decision and assigns the user to the appropriate VLAN.
You can configure the policies for VLAN assignment on the NAC 800
manually. However, IDM offers a quick and efficient way to create the
policies. (See “ProCurve IDM” on page 1-58.)
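
The two-factor decision described above can be modelled as follows. This is an added sketch, not ProCurve or FreeRADIUS code: it combines the authentication result with the endpoint's posture and returns the RFC 3580 tunnel attributes an 802.1X switch uses for VLAN placement. The VLAN IDs, test names, and the choice to quarantine untested endpoints are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Posture(Enum):
    UNTESTED = "untested"
    PASS = "pass"
    FAIL = "fail"

# Constructed VLAN IDs and test names (assumptions, not NAC 800 defaults).
VLANS = {"production": 10, "quarantine": 99}
REQUIRED_TESTS = ["antivirus_running", "os_patches_current"]

@dataclass
class Decision:
    code: str          # "Access-Accept" or "Access-Reject"
    attributes: dict   # RADIUS reply attributes sent to the switch

def vlan_attributes(vlan_id):
    """RFC 3580 attributes that tell an 802.1X switch which VLAN to assign."""
    return {
        "Tunnel-Type": 13,          # VLAN
        "Tunnel-Medium-Type": 6,    # IEEE 802
        "Tunnel-Private-Group-ID": str(vlan_id),
    }

def evaluate_posture(test_results, required=REQUIRED_TESTS):
    """Map per-test booleans to a posture; any missing required test is UNTESTED."""
    if test_results is None or any(t not in test_results for t in required):
        return Posture.UNTESTED
    return Posture.PASS if all(test_results[t] for t in required) else Posture.FAIL

def decide(authenticated, test_results, required=REQUIRED_TESTS):
    """PDP decision: authentication gates access, posture selects the VLAN."""
    if not authenticated:
        return Decision("Access-Reject", {})
    posture = evaluate_posture(test_results, required)
    # Assumption: anything other than a full pass lands in the quarantine VLAN.
    name = "production" if posture is Posture.PASS else "quarantine"
    return Decision("Access-Accept", vlan_attributes(VLANS[name]))

if __name__ == "__main__":
    # First decision at authentication time, second after the endpoint is tested.
    print(decide(True, None))
    print(decide(True, {"antivirus_running": True, "os_patches_current": True}))
```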