Inline Quarantine Method
Inline
Inline is the most basic NAC 800 installation. When deployed inline,
NAC 800 monitors and enforces all endpoint traffic.
When NAC 800 is installed in a single-server installation, NAC 800 becomes a
Layer 2 bridge that requires no changes to the network configuration settings.
When NAC 800 is installed in a multiple-server installation, you may have to
configure the switch that connects the NAC 800 Enforcement servers to use
Spanning Tree Protocol (STP) if STP is not already configured.
NAC 800 uses a built-in firewall (iptables) to allow endpoints to access the
network or block them from accessing it, based on their Internet Protocol (IP)
address.
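The following added example (not taken from the NAC 800 product or this guide) illustrates per-IP allow/block enforcement with iptables on a bridging host. The endpoint states, sample addresses, function name, and rule layout are assumptions; the rules NAC 800 actually installs are not shown in this guide.

```python
import ipaddress

# Constructed sample: endpoint IP -> test result (not NAC 800 data).
SAMPLE_ENDPOINTS = {
    "10.0.5.21": "pass",
    "10.0.5.22": "fail",
    "10.0.5.23": "unknown",
}


def build_forward_rules(endpoints, allowed_states=("pass",)):
    """Return iptables-restore text for an inline (bridging) enforcement host.

    Bridged frames are filtered in the FORWARD chain. Assumption: the host
    passes bridged traffic to iptables (Linux br_netfilter with
    net.bridge.bridge-nf-call-iptables=1).
    """
    allowed = []
    for raw_ip, state in endpoints.items():
        # Parse before emitting so malformed input is rejected (ValueError)
        # instead of being written into the ruleset verbatim.
        ip = ipaddress.IPv4Address(raw_ip)
        if state in allowed_states:
            allowed.append(ip)

    lines = [
        "*filter",
        ":INPUT ACCEPT [0:0]",
        ":FORWARD DROP [0:0]",  # default deny: unlisted endpoints are blocked
        ":OUTPUT ACCEPT [0:0]",
    ]
    for ip in sorted(allowed):
        # Accept both directions so replies to an allowed endpoint pass too.
        lines.append(f"-A FORWARD -s {ip}/32 -j ACCEPT")
        lines.append(f"-A FORWARD -d {ip}/32 -j ACCEPT")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_forward_rules(SAMPLE_ENDPOINTS), end="")
```

The output can be checked for syntax with `iptables-restore --test` before it is loaded.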
When NAC 800 is installed inline in a multiple-server configuration (figure 9-1),
the multiple Enforcement servers (ESs) form a network loop (an undesired
condition). The Spanning Tree Protocol (STP) detects the loop and closes one
of the offending ports on the switch based on the switch configuration. If an