HP ProCurve J9065A Quick Start Manual

ProCurve Network Access Controller 800
Quick-start Guide
Revision 1.0
Central Management
NAC 800 uses clusters and servers. A cluster is a logical grouping of one or more Enforcement servers (ESs) that are managed by one Management server (MS).
The quarantine method is defined per cluster; all of the Enforcement servers in a given cluster use the same quarantine method (Inline, DHCP, or 802.1X). When using multiple clusters, each cluster can have a different quarantine method. Clusters cooperate to test and control access to the network.
Physical Deployment
NAC 800 installs in one of the following ways:
Inline – When deploying NAC 800 inline, NAC 800 monitors and enforces all device traffic. When NAC 800 is deployed as a single-server installation, NAC 800 becomes a Layer 2 bridge that requires no changes to the network configuration settings. When NAC 800 is installed in a multiple-server installation, you might have to configure the switch that connects the NAC 800 enforcement servers to use Spanning Tree Protocol (STP) if STP is not already configured.
NAC 800 allows devices to access the network or blocks devices from accessing the network based on their Internet Protocol (IP) address with a built-in firewall (iptables).
DHCP – When deploying NAC 800 inline with a Dynamic Host Configuration Protocol (DHCP) server, all DHCP requests pass through the NAC 800 server(s) Layer 2 bridge. For a quarantined device, NAC 800 distributes the quarantined IP address for the device. If NAC 800 allows the device to have access, NAC 800 allows your real DHCP server to distribute a non-quarantined IP address. NAC 800 assigns a DHCP IP address based on the quarantine area parameters you define during configuration. You can place restrictions on network access either at the gateway for the device using Access Control Lists (ACLs), or on the device by removing the device's gateway and adding static routes for accessible networks.
802.1X – When deploying NAC 800 in an 802.1X environment, you must install it where it can communicate with the Remote Authentication Dial-In User Service (RADIUS) server (or, NAC 800 has a built-in