Entering Basic 802.1X Settings - Extreme Networks AG200 User Manual

Version 5.0

1 Select a cluster.
2 In the Quarantine method area, select one of the following quarantine methods:
802.1X—When using the 802.1X quarantine method, Sentriant AG must sit in a place on the
network where it can communicate with your RADIUS server, which communicates with your
switch or router, which performs the quarantining.
DHCP—When configured with a DHCP quarantine area, Sentriant AG must sit inline with your
DHCP server. All endpoints requesting a DHCP IP address are issued a temporary address on a
quarantine subnetwork. Once the endpoint is allowed access, the IP address is renewed, and the
main DHCP server assigns an address to the main LAN. With a multiple subnetwork or VLAN
network, one quarantine area must be configured for each sub-network.
Inline—When using the inline quarantine method, Sentriant AG must be placed on the network
where all traffic to be quarantined passes through Sentriant AG. It must be inline with an
endpoint like a VPN.
3 Click ok.

Entering Basic 802.1X Settings

To enter basic 802.1X settings:
Sentriant AG home window>>System configuration>>Quarantining>>802.1X quarantine method radio button
1 In 802.1X enforcement mode, the Enforcement servers must be able to monitor DHCP conversations
and detect endpoints by sniffing network traffic as it flows between the DHCP server and the
endpoints. Select an Endpoint detection location radio button as follows:
Remote—In more complex deployments, it is often impossible (in the case of multiple
Enforcement servers or multiple DHCP servers) or undesirable to span switch ports. In this case
the DHCP traffic monitoring and endpoint detection can be run remotely by installing and
configuring the endpoint activity capture software on each DHCP server involved in the 802.1X
deployment. In this case, choose the remote option.
Local—In simple configurations, it is possible to span, or mirror, the switch port into which the
DHCP server is connected. The eth1 interface of the Enforcement server is then plugged into the
spanned port and endpoint traffic is monitored on the eth1 interface. In this case, choose the local
option.
2 Enter one or more non-quarantined subnets, separated by commas, in the Quarantine subnets text
field. All subnets should be entered using CIDR addresses.
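The following is an added example, not code from this manual or from Sentriant AG. It shows what a monitor watching DHCP conversations can learn about an endpoint (hardware address, message type, requested address, hostname) and how a comma-separated CIDR list like the one entered in step 2 can be validated before use. The function names, the sample packet, and the sample subnet list are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_subnets(field):
    """Parse a comma-separated CIDR list; host bits set raises ValueError."""
    return [ipaddress.ip_network(s.strip()) for s in field.split(",") if s.strip()]

def parse_dhcp(payload):
    """Return endpoint details carried in one BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[2] > 16:
        raise ValueError("not a DHCP message")
    info = {"mac": ":".join(f"{b:02x}" for b in payload[28:28 + payload[2]])}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        code = payload[i]
        if code == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        value = payload[i + 2:i + 2 + payload[i + 1]]
        if len(value) != payload[i + 1]:
            raise ValueError("truncated option")
        if code == 53 and len(value) == 1:      # DHCP message type
            info["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 50 and len(value) == 4:    # requested IP address
            info["requested"] = ipaddress.ip_address(value)
        elif code == 12:                        # client hostname
            info["hostname"] = value.decode("ascii", "replace")
        i += 2 + len(value)
    return info

def in_listed_subnet(addr, nets):
    """True if addr falls inside any subnet from the parsed list."""
    return any(addr in n for n in nets)

def build_sample():
    """Constructed DHCPREQUEST from a made-up endpoint (not captured traffic)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0,
                        b"", b"", b"", b"", bytes.fromhex("020000aabb01"), b"", b"")
    opts = bytes([53, 1, 3, 50, 4, 10, 20, 30, 44, 12, 5]) + b"lab-7" + b"\xff"
    return fixed + MAGIC + opts

if __name__ == "__main__":
    seen = parse_dhcp(build_sample())
    nets = parse_subnets("10.20.30.0/24, 192.168.5.0/24")  # constructed field value
    print(seen, in_listed_subnet(seen["requested"], nets))
```

A value such as 10.20.30.1/24 is rejected because it names a host rather than a subnet, which catches a common data-entry mistake in CIDR lists.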
Sentriant AG Users' Guide, Version 5.0
System Configuration