Owner's Manual
Chapter 16. Network Login | 411
NETGEAR 8800 User Manual
4. If the SoH indicates that the supplicant is unhealthy, the RADIUS server sends an
Access-Accept message with RADIUS VSAs indicating which:
• VLAN the unhealthy supplicant is moved to (in this example, the Quarantine VLAN)
• Remediation server(s) the supplicant can use to get software updates, anti-virus
software, and so on to remediate itself
5. When the switch receives the VLAN and remediation server information from the RADIUS
server, the switch:
• Moves the supplicant into the Quarantine VLAN.
• Applies ACLs to ensure the supplicant in the Quarantine VLAN can access only the
remediation servers. All traffic that neither originates from nor is destined to the
remediation servers is dropped.
• Sends a trap to EPICenter indicating that the supplicant has been authenticated but
has restricted access in the Quarantine VLAN for remediation.
6. The supplicant connects to the remediation server to get software updates, anti-virus
software, and so on to get healthy.
7. After the supplicant is healthy, it restarts the authentication process and is moved to the
Production VLAN as a healthy supplicant with full network access.
Using NAP-Specific VSAs to Authenticate 802.1x Supplicants
Table 47 contains the VSA definitions for 802.1x network login in conjunction with devices
and servers that support NAP. The Microsoft Vendor ID is 311.
Note: For more information about NAP and the VSAs supported by NAP,
see the documentation that came with your Microsoft operating
system or server.
Table 47. NAP-Specific VSA Definitions for 802.1x Network Login
| VSA | Vendor Type | Type | Sent-in | Description |
|---|---|---|---|---|
| MS-Quarantine-State | 45 | Integer | Access-Accept | Indicates the network access level that the RADIUS server authorizes the user. The network access server (the switch) also enforces the network access level. A value of “0” gives the user full network access. A value of “1” gives the user limited network access. A value of “2” gives the user full network access within a specified time period. |
| MS-IPv4-Remediation-Servers | 52 | Integer | Access-Accept | Indicates the IP address(es) of the remediation server(s) that an unhealthy supplicant moves to in order to get healthy. |
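The VSAs in Table 47, shown as an added example that is not taken from the NETGEAR manual or the switch software: a Python parser that extracts MS-Quarantine-State and MS-IPv4-Remediation-Servers from the attribute bytes of an Access-Accept and rejects malformed lengths. The RFC 2865 Vendor-Specific layout, the packing of remediation servers as consecutive 4-byte IPv4 addresses, the sample bytes, and the choice to treat a missing or unknown state as limited access are assumptions of this example.

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26              # RADIUS attribute type that carries VSAs (RFC 2865)
MICROSOFT_VENDOR_ID = 311         # Microsoft Vendor ID, as stated on the page
MS_QUARANTINE_STATE = 45          # vendor type from Table 47
MS_IPV4_REMEDIATION_SERVERS = 52  # vendor type from Table 47
ACCESS_LEVELS = {0: "full", 1: "limited", 2: "full-for-limited-time"}

def tlvs(buf: bytes):
    """Yield (type, value) records; each length byte covers its own 2-byte header."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute length at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def parse_nap_vsas(attrs: bytes) -> dict:
    """Collect the NAP VSAs from the attribute section of an Access-Accept."""
    nap = {"state": None, "servers": []}
    for a_type, body in tlvs(attrs):
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != MICROSOFT_VENDOR_ID:
            continue  # VSA from another vendor
        for v_type, value in tlvs(body[4:]):
            if v_type == MS_QUARANTINE_STATE and len(value) == 4:
                nap["state"] = struct.unpack("!I", value)[0]
            elif v_type == MS_IPV4_REMEDIATION_SERVERS and len(value) % 4 == 0:
                # Assumption: addresses are packed back to back, 4 bytes each.
                nap["servers"] += [str(ipaddress.IPv4Address(value[i:i + 4]))
                                   for i in range(0, len(value), 4)]
    return nap

def access_level(nap: dict) -> str:
    """Map the state to an access level; missing/unknown fails closed (example's choice)."""
    return ACCESS_LEVELS.get(nap["state"], "limited")

def vsa(vendor_type: int, value: bytes, vendor_id: int = MICROSOFT_VENDOR_ID) -> bytes:
    """Hypothetical helper: build one Vendor-Specific attribute for test input."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

# Constructed sample: unhealthy supplicant, two remediation servers (documentation IPs).
SAMPLE = vsa(45, (1).to_bytes(4, "big")) + vsa(52, bytes([192, 0, 2, 10, 192, 0, 2, 11]))

if __name__ == "__main__":
    print(parse_nap_vsas(SAMPLE), access_level(parse_nap_vsas(SAMPLE)))
```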










