Configuring nac server support – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Viewing and configuring switch WLANs

Configuring NAC server support
A growing number of insecure devices (laptops, mobile computers, PDAs, smartphones) access
WiFi networks. These devices often lack proper anti-virus software and
can potentially infect the network they access. Device compliance with an organization’s security
policy must be enforced using NAC. A typical security compliance check entails verifying that the right
operating system patches, anti-virus software and so on are in place.

NAC is a continuous process for evaluating MU credentials, mitigating security issues, admitting
MUs to the network and monitoring MUs for compliance with globally-maintained standards and
policies. If a MU is not in compliance, network access is restricted by quarantining the MU.

Using NAC, the switch hardware and software grants access to specific network devices. NAC
performs a user and MU authorization check for devices without a NAC agent. NAC verifies a MU’s
compliance with the switch’s security policy. The switch supports only EAP/802.1x NAC. However,
the switch provides a means to bypass NAC authentication for MUs without NAC 802.1x support
(printers, phones, PDAs etc.).

For a NAC configuration example using the switch CLI, see “Configuring the NAC inclusion list” on page 141 or “Configuring the NAC exclusion list” on page 145.

None – NAC disabled, no NAC is conducted. A MU can only be authenticated by a RADIUS
server.

Do NAC except exclude list – A NAC check is conducted for every MU except those in the exclude-list.
Devices in the exclude-list are not subject to any NAC checks.

Bypass NAC except include list – A NAC check is conducted only for those MUs in the
include-list.
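
The three modes above decide which MUs receive a NAC check. The following Python sketch is an added example, not taken from the Brocade guide or the switch software: it models that decision and lists the devices that reach the WLAN without a posture check. The enum names, exact-match MAC lists and the sample inventory are assumptions made for illustration.

```python
from enum import Enum

class NacMode(Enum):
    NONE = "none"                      # NAC disabled, RADIUS authentication only
    DO_NAC_EXCEPT_EXCLUDE = "exclude"  # check every MU not in the exclude-list
    BYPASS_EXCEPT_INCLUDE = "include"  # check only MUs in the include-list

def norm_mac(mac):
    """Normalize a MAC to 12 lowercase hex digits so differing notations compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def nac_checked(mode, mac, include=(), exclude=()):
    """Return True if the MU with this MAC undergoes a NAC check in this mode."""
    mac = norm_mac(mac)
    if mode is NacMode.NONE:
        return False
    if mode is NacMode.DO_NAC_EXCEPT_EXCLUDE:
        return mac not in {norm_mac(m) for m in exclude}
    return mac in {norm_mac(m) for m in include}

def unchecked_devices(mode, inventory, include=(), exclude=(),
                      agentless=("printer", "phone", "pda")):
    """List (mac, kind, expected) for MUs that skip NAC. expected is False when
    the device is not one of the types that lack NAC 802.1x support."""
    report = []
    for mac, kind in inventory:
        if not nac_checked(mode, mac, include, exclude):
            report.append((norm_mac(mac), kind, kind in agentless))
    return report

# Constructed sample data (assumption: list entries are exact MAC addresses).
INVENTORY = [("00:11:22:33:44:01", "laptop"), ("00-11-22-33-44-02", "printer"),
             ("0011.2233.4403", "phone"), ("00:11:22:33:44:04", "laptop")]
EXCLUDE = ["00:11:22:33:44:02", "00:11:22:33:44:04"]  # second entry is a laptop
INCLUDE = ["00:11:22:33:44:01"]

if __name__ == "__main__":
    for mode in NacMode:
        print(mode.name)
        for mac, kind, expected in unchecked_devices(mode, INVENTORY, INCLUDE, EXCLUDE):
            flag = "" if expected else "  <-- review: not an agentless device type"
            print(f"  no NAC check: {mac} ({kind}){flag}")
```

In the sample data the exclude-list contains a laptop, so under Do NAC except exclude list that device is admitted on RADIUS authentication alone and is flagged for review.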

To configure NAC Server support:

1. Select Network > Wireless LANs from the main menu tree.

2. Select an existing WLAN from those displayed with the Configuration tab.

3. Click on the Edit button.

4. Select either the EAP 802.1x, Hotspot or Dynamic MAC ACL button from within the Authentication field.

This enables the RADIUS button at the bottom of the Network > Wireless LANs > Edit screen.

5. Select the RADIUS button.

The RADIUS Configuration screen displays (with the RADIUS tab displayed by default) for
defining an external RADIUS or NAC Server.
