NAC Configuration Window

The NAC Configuration lets you manage the end user connection experience and control network access based on a variety of criteria including authentication, user name, MAC address, device type, and location. NAC Manager comes with a default NAC Configuration which is automatically assigned to your Extreme Access Controlengines. You can use this default configuration as is, or make changes to the default configuration, if desired.

The NAC Configuration window provides access to the various NAC components used to configure different aspects of NAC. This Help topic talks about the Features panel. The other components are discussed in separate Help topics that can be accessed from the links below.

  • Accessing the NAC Configuration
  • Features - Enable the registration, access, and assessment/remediation features you want for your network.
  • Rules - Define the rules that are used by the NAC configuration to assign a NAC Profile to a connecting end-system.
  • AAA Configuration - Define the RADIUS and LDAP configurations that provide the authentication and authorization services for your Extreme Access Control engines.
  • Portal Configuration - Configure the portal website used by the end user during the registration or remediation process.

Accessing the NAC Configuration

Use the following steps to access the NAC Configuration:

  1. Click the NAC ManagerEdit NAC Configuration toolbar button to open the NAC Configuration window or use the Edit button in the Configuration tab.
  2. In the NAC Configuration window, a left-panel tree that provides access to different NAC components displays. Select the component you wish to edit and make the desired changes.
  3. Save any changes made in this window. Enforce the NAC configuration to the engine group.

Features

Use the Features panel to enable or disable the registration, access, and assessment/remediation features you want available to users connecting to the network.

  1. Open the NAC Configuration window. Make sure that the Features icon is selected in the left-panel tree.
  2. To enable a feature, click the Enable Feature button. A menu is displayed with the following features:
    • Guest Registration/Access - Allows unauthenticated access to the network via Guest Registration, Guest Web Access, or Secure Guest Access.
    • Authenticated Registration/Access - Allows authenticated access to the network via Authenticated Registration or Authenticated Web Access.
    • Assessment/Remediation - Allows presentation of vulnerabilities to the end user with links to resources to correct the issues.
    • Advanced Location-Based Access - Allows for the definition of different access features based on location of an end-system. If you select Advanced Location-Based Access, a window opens where you can configure a location. If you are configuring multiple locations, you must use the Enable Feature menu each time you want to configure a location.

    Select the desired feature. When you enable a feature, it is listed in the Summary section of the Feature panel. Use the menu to select each feature you want to enable.

  3. If you selected Guest Registration/Access, use the drop-down menu to select the desired access type:
    • Guest Registration - Allows unauthenticated access to the network for the length of the registration. Registration also has provisions for capturing end-user specific information during the registration process.
    • Guest Web Access - Allows presentation of an Acceptable Use Policy to the guest user and allows guest access to the network for the duration of their session. On each subsequent attempt to access the network, the user is presented with the Guest Web Access login page.
    • Secure Guest Access - Allows a guest to gain secure wireless access to your network via 802.1x (PEAP) authentication using credentials that are created when the user registers onto an open SSID. The registration can be configured to expire if desired to allow only temporary access to your network.

    After selecting the appropriate type, click on the Guest Registration/Access link to open the portal configuration page where you can configure the corresponding parameters. Refer to the Portal Configuration Help topic for more information.

  4. If you selected Authenticated Registration/Access, use the drop-down menu to select the desired type:
    • Authenticated Registration - Allows authenticated access to the network for the length of the registration. Registration also has provisions for capturing end-user specific information during the registration process.
    • Authenticated Web Access - Allows presentation of an Acceptable Use Policy to the user and allows authenticated access to the network for the duration of their session. On each subsequent attempt to access the network, the user is redirected to the Authenticated Web Access login page.

    After selecting the appropriate type, click on the Authenticated Registration/Access link to open the portal configuration page where you can configure the corresponding parameters. Refer to the Portal Configuration Help topic for more information.

  5. If you selected Assessment/Remediation, click on the Assessment/Remediation link to open the portal configuration page where you can configure the corresponding parameters. Refer to the Portal Configuration Help topic for more information.
  6. If you selected Advanced Location-Based Access, use the Advanced Location-Based Registration and Web Access Behavior window to configure your access.

Related Information

For information on related windows:

Top