Motorola RFS7000 Series System Reference Manual page 133

11. Click Cancel to revert back to the last saved configuration and move back to the
Network > Wireless LANs > Edit screen.
Configuring an External Radius Server for Optimal Switch Support
The switch's external Radius Server should be configured with Motorola RFS7000 specific attributes to best
utilize the user privilege values assignable by the Radius Server. The following two values should be
configured on the external Server for optimal use with the switch:
• Motorola user privilege values
• User login source
Configuring NAC Server Support
There is an increasing proliferation of insecure devices (laptops, mobile computers, PDA, smart-phones)
accessing WiFi networks. These devices often lack proper anti-virus software and can potentially infect the
network they access. Device compliance per an organization's security policy must be enforced using NAC. A
typical security compliance check entails verifying the right operating system patches, anti-virus software etc.
NAC is a continuous process for evaluating MU credentials, mitigating security issues, admitting MUs to the
network and monitoring MUs for compliance with globally-maintained standards and policies. If a MU is not
in compliance, network access is restricted by quarantining the MU.
Using NAC, the switch hardware and software grants access to specific network devices. NAC performs a user
and MU authorization check for devices without a NAC agent. NAC verifies a MU's compliance with the
switch's security policy. The switch supports only EAP/802.1x NAC. However, the switch provides a mean to
bypass NAC authentication for MU's without NAC 802.1x support (printers, phones, PDAs etc.).
For a NAC configuration example using the switch CLI, see
on page 4-73.
NAC can be configured in the following 3 modes:
• None – NAC disabled, no NAC is conducted. A MU can only be authenticated by a Radius server.
• Do NAC except exclude list – A MU NAC check is conducted except for those in the exclude-list.
Devices in the exclude-list will not have any NAC checks.
• Bypass NAC except include list – A MU NAC check is conducted only for those MUs in the
include-list.
For more information on defining the configuration of the NAC include and exclude lists, see
Configuring the NAC Inclusion List on page 4-66
To configure NAC Server support:
1. Select Network
2. Select an existing WLAN from those displayed with the
3. Click the Edit button.
4. Select either the EAP
field.
This enables the Radius button at the bottom of the Network > Wireless LANs > Edit screen.
5. Select the Radius
The Radius Configuration screen displays (with the Radius tab displayed by default) for defining an
external Radius or NAC Server.
or Configuring the NAC Exclusion List on page
> Wireless LANs from the main menu tree.
802.1x, Hotspot or Dynamic MAC ACL
button.
NAC Configuration Examples Using the Switch CLI
Configuration tab.
button from within the Authentication
4-47
Network Setup
4-70.