Advertisement
Network Setup
b Set the Telnet Access value to 64 (user is allowed login privileges only from a Telnet session).
c Set the SSH Access value to 32 (user is allowed login privileges only from ssh session).
d Set the Web Access value to 16 (user is allowed login privileges only from Web/applet).
3 Specify multiple access sources by using different values. The privilege values can be ORed and
specified once. For example, if a user needs access from both the console and Web, configure the
Radius Server with the 100 attribute twice, once with value 128 for console and next with value 16
for Web access.
Configuring NAC Server Support. There is an increasing proliferation of insecure devices (laptops, mobile
computers, PDA, smart-phones) accessing WiFi networks. These devices often lack proper anti-virus
software and can potentially infect the network they access. Device compliance per an organization's
security policy must be enforced using NAC. A typical security compliance check entails verifying the
right operating system patches, anti-virus software etc.
NAC is a continuous process for evaluating MU credentials, mitigating security issues, admitting MUs
to the network and monitoring MUs for compliance with globally-maintained standards and policies. If
a MU is not in compliance, network access is restricted by quarantining the MU.
Using NAC, the controller hardware and software grants access to specific network devices. NAC
performs a user and MU authorization check for devices without a NAC agent. NAC verifies a MU's
compliance with the controller's security policy. The controller supports only EAP/802.1x NAC.
However, the controller provides a mean to bypass NAC authentication for MU's without NAC 802.1x
support (printers, phones, PDAs etc.).
For a NAC configuration example using the controller CLI, see
on page 156
or
None – NAC disabled, no NAC is conducted. A MU can only be authenticated by a Radius server.
●
Do NAC except exclude list – A MU NAC check is conducted except for those in the exclude-list.
●
Devices in the exclude-list will not have any NAC checks.
Bypass NAC except include list – A MU NAC check is conducted only for those MUs in the
●
include-list.
To configure NAC Server support:
1 Select Network > Wireless LANs from the main menu tree.
2 Select an existing WLAN from those displayed with the Configuration tab.
3 Click on the Edit button.
4 Select either the EAP 802.1x, Hotspot or Dynamic MAC ACL button from within the Authentication
field.
This enables the Radius button at the bottom of the Network > Wireless LANs > Edit screen.
5 Select the Radius button.
The Radius Configuration screen displays (with the Radius tab displayed by default) for defining an
external Radius or NAC Server.
6 .Select the NAC tab to configure NAC support.
138
"Configuring the NAC Exclusion List" on page
"Configuring the NAC Inclusion List"
160.
Summit WM3000 Series Controller System Reference Guide
- Quick Links:
- Introduction
- Configuration Management
Hide quick links:
Advertisement
Troubleshooting
