802.1x enforcement in NAP

  • Question

  • Dear All,

    I have some questions about 802.1x enforcement in NAP -

    1. How the VLAN change happens
    2. How to configure isolation for compliant and noncompliant

    Rakesh Kumar
    • Edited by Kumar Rakesh Monday, February 1, 2010 8:01 AM wrong word
    Monday, February 1, 2010 8:00 AM

Answers

  • Hi,

    1. The client computer issues a network access request. This is received by the access device (switch or AP) and forwarded to NPS. The access request matches one network policy. The network policy contains a RADIUS tunnel attribute that specifies the VLAN that should be assigned to the client. This is returned to the switch along with the access-accept message. Assuming the VLAN exists on the switch, the switch dynamically assigns the client port to this VLAN.

    2. Compliant computers match a different network policy on NPS than noncompliant computers. Different policies have different VLANs configured in the RADIUS tunnel attribute. When this is sent to the switch, they are moved to different VLANs, therefore they are isolated from each other.

    You may be interested in the NAP 802.1X step by step guide.

    Let me know if you have questions.

    Thanks,
    -Greg
    • Marked as answer by Mervyn Zhang Friday, February 5, 2010 10:35 AM
    Thursday, February 4, 2010 8:38 AM