Installation guide
Overview
1.2.5.16 NAC
There is an increasing proliferation of insecure devices (laptops, mobile computers, PDAs, smart-phones)
accessing WiFi networks. These devices often lack proper anti-virus software and can potentially infect the
network they access. Device compliance per an organization’s security policy must be enforced using NAC. A
typical security compliance check entails verifying the right operating system patches, anti-virus software, etc.
NAC is a continuous process for evaluating MU credentials, mitigating security issues, admitting MUs to the
network and monitoring MUs for compliance with globally-maintained standards and policies. If an MU is not
in compliance, network access is restricted by quarantining the MU.
Using NAC, the switch hardware and software grants access to specific network devices. NAC performs a user
and MU authorization check for devices without a NAC agent. NAC verifies an MU’s compliance with the
switch’s security policy. The switch supports only EAP/802.1x NAC. However, the switch provides a means to
bypass NAC authentication for MUs without NAC 802.1x support (printers, phones, PDAs, etc.).
For information on configuring NAC support, see Configuring NAC Server Support on page 4-47.
To review a NAC configuration example using the switch CLI, see NAC Configuration Examples Using the
Switch CLI on page 4-73.
1.2.6 Access Port Support
Access ports work on any VLAN with switch connectivity. The switch supports AP300 model access ports:
For information defining the switch access port support scheme, see Viewing Access Port Radio Information
on page 4-84.
CAUTION An access port must have a DHCP-provided IP address before
attempting layer 3 adoption; otherwise adoption will not work. Additionally, the access
port must be able to find the IP addresses of the switches on the network. To
locate switch IP addresses on the network:
• Configure DHCP option 189 to specify each switch IP address.
• Configure a DNS server to resolve an existing name to the IP address of the switch.
The access port has to get DNS server information as part of its DHCP
information. The default DNS name requested by an AP300 is
“Symbol-CAPWAP-Address”. However, since the default name is
configurable, it can be set as a factory default to whatever value is needed.
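The prerequisites in the caution above can be checked before deployment. The following is an added example, not code from this guide or the switch vendor: the lease dictionary layout, the function names and the text encoding of option 189 are assumptions, and the sample addresses are constructed.

```python
import ipaddress

DEFAULT_DNS_NAME = "Symbol-CAPWAP-Address"  # AP300 default name stated in the guide

def parse_option_189(raw):
    """Return the valid IP addresses found in an option 189 value.
    ASSUMPTION: addresses arrive as space- or comma-separated text;
    the guide does not state the option's encoding."""
    found = []
    for token in (raw or "").replace(",", " ").split():
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # ignore malformed entries rather than trusting them
    return found

def check_l3_adoption(lease, resolve, dns_name=DEFAULT_DNS_NAME):
    """Apply the caution's rules to one DHCP lease.
    lease   -- dict with 'ip', 'dns_servers', 'options' (hypothetical layout)
    resolve -- callable(name) -> list of IP strings
    Returns (ok, switch_ips, notes)."""
    notes = []
    if not lease.get("ip"):
        return False, [], ["no DHCP-provided IP address"]
    # Method 1: switch addresses delivered directly in option 189.
    switches = parse_option_189(lease.get("options", {}).get(189))
    if switches:
        return True, switches, notes
    notes.append("option 189 absent or without a valid address")
    # Method 2: DNS lookup, which needs DNS servers from the same lease.
    if not lease.get("dns_servers"):
        notes.append("lease carries no DNS server, name lookup impossible")
        return False, [], notes
    switches = resolve(dns_name)
    if not switches:
        notes.append(dns_name + " did not resolve")
        return False, [], notes
    return True, switches, notes

# Constructed sample data (documentation address range, not from the guide).
FAKE_DNS = {"Symbol-CAPWAP-Address": ["192.0.2.10"]}

def fake_resolve(name):
    """Offline stand-in for a real resolver."""
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    lease = {"ip": "192.0.2.50", "dns_servers": [], "options": {}}
    print(check_l3_adoption(lease, fake_resolve))
```

The sample lease at the bottom fails because it supplies neither option 189 nor a DNS server, which is the case the caution warns about.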