Port-based NAC

The Port-Based NAC (Network Access Control) module prohibits access to the network by devices that are not registered and notifies the IT department. Based on the device, the VLAN is automatically assigned to the switch port, which reduces LAN management effort. All LAN activity is tracked and logged for auditing purposes.

If a device is not in the database, it will automatically be moved to the guest network, provided a function that allows this has been implemented. This function can be implemented on the switch or on a submitted port. However, this function decreases security, because everyone can gain access to the assigned network, and it is therefore not recommended. If you decide to use this function, it will connect with the server. After it is connected, patches and/or updates will follow, and alarm messages will send the information to the IT department.

To add a new computer to the database, you need to enter the VLAN, the MAC address and the site. To provide an overview of every component, every switch was added in the “PNAC” module, in the “Active Network Components” field to be exact. You have to enter the IP address and the name of the switch so that the RADIUS server can assign a request to a switch or a switch group. You can define new sets of access rules for the switch groups.

Most of the time, one or two VLANs are defined in a small company: one for internal purposes and one for guests, if you decide to implement this feature. Based on the device, the VLAN is automatically assigned to the switch port. This makes sure that the device is always in the correct VLAN. The VLAN configuration is on the switch, but you also have to add it in the “PNAC”. Unknown devices are either rejected or, as already mentioned, placed in their own VLAN, the guest VLAN.
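
The decision flow described above (registered switch, MAC lookup, VLAN assignment, guest fallback or rejection, audit logging), as an added example that is not the module's own code. All names and sample records are hypothetical and constructed; the reply attributes are the standard RFC 3580 RADIUS attributes for dynamic VLAN assignment.

```python
import re

# Constructed sample data (hypothetical, not taken from the module's database).
SWITCHES = {"192.0.2.10": {"name": "sw-floor1", "group": "office"},
            "192.0.2.20": {"name": "sw-lobby", "group": "lobby"}}
DEVICES = {"001a2b3c4d5e": {"vlan": 10, "site": "HQ"}}
# Per switch group rule: guest VLAN id, or None to reject unknown devices.
GROUP_GUEST_VLAN = {"office": None, "lobby": 99}


def normalize_mac(raw):
    """Accept 00:1A:2B.., 00-1a-2b.., 001a.2b3c.4d5e; return 12 hex digits or None."""
    mac = re.sub(r"[:\-.\s]", "", raw or "").lower()
    return mac if re.fullmatch(r"[0-9a-f]{12}", mac) else None


def vlan_reply(vlan):
    """RFC 3580 attributes: Tunnel-Type 13 (VLAN), Tunnel-Medium-Type 6 (802)."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(vlan)}


def decide(nas_ip, calling_station_id, audit):
    """Return (decision, reply_attributes); append one audit record per request."""
    switch = SWITCHES.get(nas_ip)
    mac = normalize_mac(calling_station_id)
    if switch is None or mac is None:
        result = ("reject", {})          # unregistered switch or malformed MAC
        reason = "unknown-switch" if switch is None else "bad-mac"
    elif mac in DEVICES:
        result = ("accept", vlan_reply(DEVICES[mac]["vlan"]))
        reason = "registered"
    elif GROUP_GUEST_VLAN.get(switch["group"]) is not None:
        result = ("accept", vlan_reply(GROUP_GUEST_VLAN[switch["group"]]))
        reason = "guest-fallback"        # this case should also alert IT
    else:
        result = ("reject", {})
        reason = "unregistered-device"
    audit.append({"nas": nas_ip, "mac": mac or calling_station_id,
                  "decision": result[0], "reason": reason})
    return result
```

Normalizing the MAC before the lookup matters because switches send the Calling-Station-Id in different notations, and a format mismatch would otherwise push a registered device into the guest VLAN or reject it.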