Network Access Control

 View Only

  • 1.  Question of LAN Enforcer Implement

    Posted Jul 03, 2009 05:02 AM
    i will deploy SNAC as lan enforce mode,but some question are confused.
    1.if i use lan enforcer,i need change NAC client to PEAP authentication.but my DC is Win server 2003,and client is win XP Sp2,what is the best practise setting PEAP authentication properties of all NAC client.
    2.if i enable MAB in the enforcer,the device whose mac address in MAB DB will enforcing to which vlan.


  • 2.  RE: Question of LAN Enforcer Implement

    Posted Jul 04, 2009 05:12 PM
    How a LAN Enforcer appliance works

     http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008120314023148

    Protected EAP (PEAP) Support Added to Windows XP SP1 and Windows Server 2003

    http://support.microsoft.com/kb/325725





  • 3.  RE: Question of LAN Enforcer Implement

    Posted Jul 04, 2009 11:09 PM
    For the second question, could you tell which product version are your running?




  • 4.  RE: Question of LAN Enforcer Implement

    Posted Jul 05, 2009 11:39 PM
    SEPM version is 4000.2295,and Lan Enforcer version is 4000.





  • 5.  RE: Question of LAN Enforcer Implement

    Posted Jul 05, 2009 11:56 PM
    hi

    the docs is not useful for me,because i am confuse what is the best way to setting all snac client peap properties of wired NIC.

    whether i should do setting one by one or deploying using some batches?



  • 6.  RE: Question of LAN Enforcer Implement

    Posted Jul 06, 2009 06:15 AM
    Thanks, noble.

    The MAB behaviour for this version will be:  VLAN be switched according to Action Table in SEPM,  Condition will be: HI: UNAVAILABLE; EAP:PASS; PRO:UNAVAILABLE.

    You need to properly configure action table in SEPM first.

    Please tell if you need further help.

    Figo