•
Inline – When using the inline quarantine method, NAC 800 must be
placed on the network where all traffic to be quarantined passes
through NAC 800. It must be inline with an endpoint like a VPN.
3.
Click ok.
Entering Basic 802.1X Settings
To enter basic 802.1X settings:
NAC 800 home window>>System configuration>>Quarantining>>802.1X
quarantine method radio button
1.
Enter an IP address in the Identity Driven Manager (IDM) server IP address
text field.
2.
Enter one or more non-quarantined subnets, separated by commas in the
Quarantine subnets text field. All subnets should be entered using CIDR
addresses.
3.
Select a RADIUS server type by selecting one of the following radio buttons:
Local – Enables a local RADIUS server on the Enforcement server
•
which can be configured to perform authentication itself or proxy to
another server.
•
Remote IAS – Disables the local RADIUS server so that an IAS server
configured with the NAC IAS plug-in to point to an Enforcement
server can be used instead. When possible, a local RADIUS server that
proxies to the IAS server should be the preferred configuration.
Click ok.
4.
Selecting the RADIUS Authentication method
To select the RADIUS authentication method:
NAC 800 home window>>System configuration>>Quarantining>>802.1X
quarantine method radio button
Select the Local radio button in the Basic 802.1X settings area.
1.
Select an End-user authentication method:
2.
Manual – RADIUS server authentication settings are configured man-
•
ually from the command line. See "Enabling NAC 800 for 802.1X" on
page 11-43 for configuration information.
System Configuration
Quarantining
3-51