802.1X; Inline; Dhcp - HP ProCurve 800 Hardware Installation Manual

Introduction
ProCurve Network Access Controller 800
You can deploy each ProCurve NAC endpoint integrity cluster in one of the
following configurations.

802.1X

When deploying ProCurve NAC in an 802.1X environment, you must install it
where it can communicate with the Remote Authentication Dial-In User
Service (RADIUS) server (or, use the built-in RADIUS server on the ProCurve
NAC 800). The RADIUS server communicates with the 802.1X authenticator,
which performs the quarantining by moving ports or MAC addresses in and
out of virtual local area networks (VLANs).

Inline

When deploying ProCurve NAC inline, it monitors and enforces all client
traffic. When ProCurve NAC is deployed as a single-server installation, it
works as a Layer 2 bridge that requires no changes to the network configura-
tion settings. When ProCurve NAC is installed in a multiple-server installation,
you need to configure the switch that connects the ProCurve NAC Enforce-
ment servers to use Spanning Tree Protocol (STP) if STP is not already
configured.
ProCurve NAC allows clients to access the network, or blocks clients from
accessing the network based on their Internet Protocol (IP) address with a
built-in firewall (iptables).

DHCP

When deploying a ProCurve NAC appliance inline with a Dynamic Host
Configuration Protocol (DHCP) server, all DHCP requests pass through the
ProCurve NAC appliance's Layer 2 bridge. For a quarantined client, the
ProCurve NAC appliance distributes a quarantined IP address for the client.
ProCurve NAC assigns a DHCP IP address based on the quarantine area
parameters you define during configuration.
If the ProCurve NAC appliance allows the client to have access, it allows your
real DHCP server to distribute a non-quarantined IP address. You can place
restrictions on network access either at the gateway for the client using
Access Control Lists (ACLs), or on the client by removing the client's gateway
and adding static routes for accessible networks.
1-3