Block unauthorized user from getting access to LAN by using NAP

  • Question

  • Hi all,

    I need your suggestion to solve my problem.

    I have a LAN with many computers; some of them are joined to the domain and the others are not, but I don't know how to restrict them from accessing the LAN. I see that we can choose the users with some parameters such as firewall and antivirus, but I don't know what configuration I should do to prevent the non-domain users from accessing my network.

    Best Regards

    Wednesday, July 29, 2015 8:49 AM

Answers

  • Hi Sohaa,

    Based on my understanding, you want to block unauthorized users from accessing the LAN. Here are three methods that could solve your problem: NAP enforcement for 802.1X, NAP enforcement for DHCP and NAP enforcement for IPsec communication. Each of the three methods has its own features.

    802.1X enforcement provides strong network restriction for all computers accessing the network through 802.1X-capable network access servers. However, it needs an 802.1X authenticating switch or an 802.1X-compliant wireless access point to place noncompliant 802.1X clients on a remediation network.

    Using DHCP enforcement, DHCP servers and NPS enforce health policy when a computer attempts to lease or renew an IPv4 address. However, if the client is configured with a static IP address or configured to circumvent DHCP, this enforcement method is not effective.

    IPsec enforcement for Windows Firewall is deployed with a health certificate server. It provides the strongest implementation of NAP. However, you have to make the clients IPsec enforcement clients.

    If you want to learn more about the above three methods, you may click the following links:

    NAP Enforcement for 802.1X:

    https://technet.microsoft.com/en-us/library/cc770861%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    NAP Enforcement for DHCP:

    https://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx

    NAP Enforcement for IPsec Communications:

    https://technet.microsoft.com/en-us/library/cc771899(v=ws.10).aspx

    Best Regards,

    Anne


    • Marked as answer by sohaa Tuesday, August 4, 2015 6:04 AM
    Thursday, July 30, 2015 5:19 AM
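
The DHCP caveat in the answer above (a client with a static IP address is never evaluated by DHCP enforcement) can be monitored by comparing the DHCP server's leases with the hosts actually seen on the subnet. This is an added example, not part of the original thread; the CSV columns assume an export of `Get-DhcpServerv4Lease`, the ARP text is in Windows `arp -a` format, and all sample data and function names are constructed for illustration.

```python
import csv, io, re

# Constructed sample: lease export (assumed columns from Get-DhcpServerv4Lease).
LEASES_CSV = """IPAddress,ClientId,HostName,AddressState
192.168.10.21,00-15-5d-0a-01-21,pc-021.corp.example,Active
192.168.10.22,00-15-5d-0a-01-22,pc-022.corp.example,Active
192.168.10.23,00-15-5d-0a-01-23,pc-023.corp.example,Expired
"""

# Constructed sample: `arp -a` output captured on a host in the same subnet.
ARP_OUTPUT = """
Interface: 192.168.10.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.21         00-15-5d-0a-01-21     dynamic
  192.168.10.22         00-15-5d-0a-09-99     dynamic
  192.168.10.77         00-15-5d-0a-01-77     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ARP_ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+dynamic\s*$", re.I)

def active_leases(csv_text):
    """Map IP -> MAC for leases the DHCP server currently treats as active."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["IPAddress"]: r["ClientId"].lower()
            for r in rows if r["AddressState"].startswith("Active")}

def observed_hosts(arp_text):
    """Map IP -> MAC for dynamic ARP entries (broadcast/multicast rows are static)."""
    return {m.group(1): m.group(2).lower()
            for m in map(ARP_ROW.match, arp_text.splitlines()) if m}

def dhcp_bypass_candidates(csv_text, arp_text, allowlist=()):
    """Hosts seen on the wire that DHCP enforcement never evaluated."""
    leases, findings = active_leases(csv_text), []
    for ip, mac in sorted(observed_hosts(arp_text).items()):
        if ip in allowlist:
            continue  # known static infrastructure (gateway, servers)
        if ip not in leases:
            findings.append((ip, mac, "no active lease"))
        elif leases[ip] != mac:
            findings.append((ip, mac, "MAC differs from lease"))
    return findings

if __name__ == "__main__":
    for finding in dhcp_bypass_candidates(LEASES_CSV, ARP_OUTPUT):
        print(*finding)
```

Addresses that are legitimately static (gateway, servers) go in `allowlist`; anything else reported is a host that reached the LAN without a health check at lease time.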

All replies

  • Really appreciate your help.

    I will try these solutions.

    Friday, July 31, 2015 7:39 AM