Configuring The Nac Inclusion List - Motorola RFS7000 Series System Reference Manual

4-66
Network Setup
AIFSN – Define the current Arbitrary Inter-frame Space Number (AIFSN). Higher-priority traffic categories should have lower AIFSNs than lower-priority traffic categories. This causes lower-priority traffic to wait longer before trying to access the medium.
Transmit Ops – Define the maximum duration a device can transmit after obtaining a transmit opportunity. For higher-priority traffic categories, this value should be set to a low number.
CW Minimum – The CW Minimum is combined with the CW Maximum to make the contention window. From this range, a random number is selected for the back off mechanism. Select a lower value for high priority traffic.
CW Maximum – The CW Maximum is combined with the CW Minimum to make the contention window. From this range, a random number is selected for the back off mechanism. Lower values are used for higher priority traffic.
Use DSCP or 802.1p – Select the DSCP or 802.1p radio buttons to choose between DSCP and 802.1p.

5. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.
6. Click OK to use the changes to the running configuration and close the dialog.
7. Click Cancel to close the dialog without committing updates to the running configuration.

4.5.4 Configuring the NAC Inclusion List

Using NAC, the switch acts as an enforcement entity before allowing MU access to specific network resources. NAC performs a MU host integrity check wherein a MU sends host integrity information to the NAC server. The NAC server configuration is defined on the switch on a per WLAN basis. NAC verifies a MU's compliance with the NAC server's security policy (not the switch's).

For a NAC configuration example using the switch CLI, see NAC Configuration Examples Using the Switch CLI on page 4-73.

An include list is a list of MAC addresses configured for a WLAN. During EAP authentication, the EAP server (RADIUS or NAC server) is determined based on the MU's MAC address.
• All non-802.1x devices are partitioned into a WLAN (separate from an 802.1x enabled WLAN).
• Communication between devices in an 802.1x supported WLAN and a non-802.1x supported WLAN is achieved by merging the WLANs within the same VLAN.

The switch uses the include list to add devices that are NAC supported. The following explains how authentication is achieved using 802.1x. The switch authenticates 802.1x enabled devices using one of the following:
• NAC Agent – NAC support is added in the switch to allow the switch to communicate with a LAN enforcer (a laptop with a NAC agent installed).
• No NAC Agent – NAC support is achieved using an exclude list. For more information, see Configuring the NAC Exclusion List on page 4-70.

By default, a WLAN is NAC disabled. Each WLAN can be configured to:
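
The include-list behaviour described in section 4.5.4, as an added Python example that is not code from the manual or the switch: it checks a MAC include list before it is entered on a WLAN and then picks the EAP server for a connecting MU. The function names, the finding labels and the sample addresses are constructed for illustration, and the routing rule (listed MUs go to the NAC server, all others to RADIUS, NAC off by default) is an assumption drawn from the description above.

```python
import re

HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    return digits if HEX12.fullmatch(digits) else None

def lint_include_list(entries):
    """Validate include-list entries; return (usable MAC set, findings)."""
    usable, findings = set(), []
    for raw in entries:
        mac = normalize_mac(raw)
        if mac is None:
            findings.append((raw, "malformed"))
        elif int(mac[:2], 16) & 0x01:
            # Group (multicast/broadcast) bit set: never a station's own address.
            findings.append((raw, "group address"))
        elif mac in usable:
            findings.append((raw, "duplicate"))
        else:
            if int(mac[:2], 16) & 0x02:
                # Locally administered bit: may be a randomized address that changes.
                findings.append((raw, "locally administered"))
            usable.add(mac)
    return usable, findings

def select_eap_server(mu_mac, include_set, nac_enabled=False):
    """Assumed rule: with NAC enabled, listed MUs use the NAC server, others RADIUS."""
    mac = normalize_mac(mu_mac)
    if mac is None:
        raise ValueError(f"malformed MU MAC: {mu_mac!r}")
    return "nac" if nac_enabled and mac in include_set else "radius"

# Constructed sample include list, not taken from the manual.
SAMPLE = [
    "00-11-22-33-44-55",
    "0011.2233.4455",      # same station in another notation
    "01:00:5e:00:00:01",   # group address
    "02:ab:cd:ef:00:01",   # locally administered
    "00:11:22:33:44",      # too short
]

if __name__ == "__main__":
    usable, findings = lint_include_list(SAMPLE)
    for raw, reason in findings:
        print(f"{raw}: {reason}")
    print(select_eap_server("00:11:22:33:44:55", usable, nac_enabled=True))
```

Normalizing before comparison matters because the same station can be written with colons, hyphens or dots, and an entry that never matches silently sends that MU to the other EAP server.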
