Configuring the NAC Inclusion List - Motorola WiNG 4.4 Reference Manual


4 - 68 WiNG 4.4 Switch System Reference Guide
CW Minimum
    The CW Minimum is combined with the CW Maximum to make the contention window. From this range, a random
    number is selected for the back-off mechanism. Select a lower value for high-priority traffic.
CW Maximum
    The CW Maximum is combined with the CW Minimum to make the contention window. From this range, a random
    number is selected for the back-off mechanism. Lower values are used for higher-priority traffic.
Max Retries
    Defines a maximum number of retries for each Access Category.
Use DSCP or 802.1p
    Select the DSCP or 802.1p radio button to choose between DSCP and 802.1p.

5. Refer to the Status field for the current state of the requests made from the applet. This field displays error
messages if something goes wrong in the transaction between the applet and the switch.
6. Click OK to apply the changes to the running configuration and close the dialog.
7. Click Cancel to close the dialog without committing updates to the running configuration.

4.5.4 Configuring the NAC Inclusion List

Using NAC, the switch acts as an enforcement entity before allowing MU access to specific network resources. NAC
performs an MU host integrity check wherein an MU sends host integrity information to the NAC server. The NAC server
configuration is defined on the switch on a per-WLAN basis. NAC verifies an MU's compliance with the NAC server's
security policy (not the switch's).
For a NAC configuration example using the switch CLI, see NAC Configuration Examples Using the Switch CLI on page 4-74.
An include list is a list of MAC addresses configured for a WLAN. During EAP authentication, the EAP server (RADIUS or
NAC server) is determined based on the MU's MAC address.
• All non-802.1x devices are partitioned into a WLAN (separate from an 802.1x-enabled WLAN).
• Communication between devices in an 802.1x-supported WLAN and a non-802.1x-supported WLAN is achieved by
merging the WLANs within the same VLAN.
The switch uses the include list to add devices that are NAC supported. The following explains how authentication is
achieved using 802.1x. The switch authenticates 802.1x-enabled devices using one of the following:
• NAC Agent – NAC support is added in the switch to allow the switch to communicate with a LAN enforcer (a laptop
with a NAC agent installed).
• No NAC Agent – NAC support is achieved using an exclude list. For more information, see
Configuring the NAC Exclusion List on page 4-72.
By default, a WLAN is NAC disabled. Each WLAN can be configured to:
• Conduct a NAC check for MUs connecting to the WLAN as well as perform an additional exclude function, by attaching
an exclude list to the WLAN.
• Do not perform NAC validation for MUs connecting to the WLAN.
• Include a few MUs for NAC validation and bypass the rest of the MUs.
To view the attributes of a NAC Include list:
1. Select Network > Wireless LANs from the main menu tree.
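The three per-WLAN NAC options described in this section can be modelled as a small audit helper that reports which associated MUs would authenticate without a host integrity check. This is an added example, not code from the manual or the switch; the names NacMode, eap_server and bypassing_mus are hypothetical, and it assumes that an MU bypassing NAC is handled by the RADIUS server.

```python
import re
from enum import Enum

class NacMode(Enum):          # hypothetical names for the three per-WLAN options
    DISABLED = "disabled"     # default: no NAC validation for any MU
    INCLUDE = "include"       # NAC only for MUs on the include list
    EXCLUDE = "exclude"       # NAC for every MU except those on the exclude list

def normalize_mac(mac):
    """Canonicalise 00-15-.., 0015.70aa.., 00:15:.. to lower-case colon form."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def eap_server(mode, mac_list, mu_mac):
    """Return 'nac' or 'radius' for one MU, keyed only on its MAC address."""
    listed = normalize_mac(mu_mac) in {normalize_mac(m) for m in mac_list}
    if mode is NacMode.DISABLED:
        return "radius"                       # assumption: bypass means RADIUS
    if mode is NacMode.INCLUDE:
        return "nac" if listed else "radius"
    return "radius" if listed else "nac"      # EXCLUDE: listed MUs skip NAC

def bypassing_mus(mode, mac_list, associated):
    """MUs that would authenticate without a host integrity check."""
    return [normalize_mac(m) for m in associated
            if eap_server(mode, mac_list, m) == "radius"]

# Constructed sample data (not from the manual).
SAMPLE_LIST = ["00-15-70-AA-BB-01", "0015.70aa.bb02"]
SAMPLE_MUS = ["00:15:70:aa:bb:01", "00:15:70:AA:BB:02", "00:15:70:aa:bb:03"]

if __name__ == "__main__":
    for mode in NacMode:
        print(mode.name, "->", bypassing_mus(mode, SAMPLE_LIST, SAMPLE_MUS))
```

Because the decision is keyed on a MAC address that the client itself presents, list membership is a routing hint rather than proof of device identity; in include-list mode, every MU not on the list is outside NAC posture enforcement.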
