
HP ProCurve J9065A Quick Start Manual page 2

ProCurve Network Access Controller 800


Central Management
NAC 800 uses clusters and servers. A cluster is a logical grouping of one or
more Enforcement servers (ESs) that are managed by one Management server
(MS).
The quarantine method is defined per cluster; all of the Enforcement servers
in a given cluster use the same quarantine method (Inline, DHCP, or 802.1X).
When using multiple clusters, each cluster can have a different quarantine
method. Clusters cooperate to test and control access to the network.
Physical Deployment
NAC 800 installs in one of the following ways:
Inline – When deploying NAC 800 inline, NAC 800 monitors and
enforces all device traffic. When NAC 800 is deployed as a
single-server installation, NAC 800 becomes a Layer 2 bridge that
requires no changes to the network configuration settings. When NAC 800
is installed in a multiple-server installation, you might have to
configure the switch that connects the NAC 800 enforcement servers to
use Spanning Tree Protocol (STP) if STP is not already configured.
NAC 800 allows devices to access the network or blocks devices from
accessing the network based on their Internet Protocol (IP) address
with a built-in firewall (iptables).

DHCP – When deploying NAC 800 inline with a Dynamic Host
Configuration Protocol (DHCP) server, all DHCP requests pass through the
NAC 800 server(s) Layer 2 bridge. For a quarantined device, NAC 800
distributes the quarantined IP address for the device. If NAC 800
allows the device to have access, NAC 800 allows your real DHCP
server to distribute a non-quarantined IP address. NAC 800 assigns a
DHCP IP address based on the quarantine area parameters you define
during configuration. You can place restrictions on network access
either at the gateway for the device using Access Control Lists (ACLs),
or on the device by removing the device's gateway and adding static
routes for accessible networks.

802.1X – When deploying NAC 800 in an 802.1X environment, you must
install it where it can communicate with the Remote Authentication
Dial-In User Service (RADIUS) server (or, NAC 800 has a built-in
