Question of LAN Enforcer Implement
noble
July 3rd, 2009
i will deploy SNAC as lan enforce mode,but some question are confused.
1.if i use lan enforcer,i need change NAC client to PEAP authentication.but my DC is Win server 2003,and client is win XP Sp2,what is the best practise setting PEAP authentication properties of all NAC client.
2.if i enable MAB in the enforcer,the device whose mac address in MAB DB will enforcing to which vlan.
How a LAN Enforcer appliance works
How a LAN Enforcer appliance works
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008120314023148
Protected EAP (PEAP) Support Added to Windows XP SP1 and Windows Server 2003
http://support.microsoft.com/kb/325725
SEP 11.0 Top Articles
FAQ about Symantec Critical System Protection
For the second question,
For the second question, could you tell which product version are your running?
reply to figo
SEPM version is 4000.2295,and Lan Enforcer version is 4000.
Mab Authentication
Thanks, noble.
The MAB behaviour for this version will be: VLAN be switched according to Action Table in SEPM, Condition will be: HI: UNAVAILABLE; EAP:PASS; PRO:UNAVAILABLE.
You need to properly configure action table in SEPM first.
Please tell if you need further help.
Figo
replay to Vikram Kumar
hi
the docs is not useful for me,because i am confuse what is the best way to setting all snac client peap properties of wired NIC.
whether i should do setting one by one or deploying using some batches?
Would you like to reply?
Login or Register to post your comment.