Rules are the main control tool in NAC. They let you define the actions taken toward network devices when they register on the network.
The actions may be as follows:
- Block network access;
- Redirect to authorization portal;
- Allow specified addresses only.
Rules are configured in the Managing Network Access section of the Network Agent policy's properties, so the policy can be applied to an entire group of managed computers. The policy may include a white list and a list of devices with limited access to the network. Devices included in the white list have high priority and are always granted access to the requested network resources.
Creating a list of network elements
First of all, you will need to create Network elements. The following devices are considered elements:
- Network devices;
- IP telephones;
- Other devices;
- Unknown devices;
- Devices of any type.
Network elements are added in the properties of the Network Agent policy under the section Managing network access (NAC) -> Network elements. To create an element, click the Add button.
A drop-down list of element types is displayed.
After you select an element type, the Creating network element window opens. Specify the element name and add network devices by certain parameters.
The parameters may be as follows:
- By network attributes;
- Enterprise devices;
- By manufacturer;
- By domain membership;
- By computer status;
- By software.
As an example, we will add a device by network attributes.
After you select the item By network attributes, a window opens in which you can specify the parameters by which the device will be identified.
As an example, we will create a sample network element named Test and add a network device with IP address 192.168.0.101.
The element then appears in the network element list.
Creating access rules
As stated above, there are two lists: the white list and the access restrictions list.
Once you create a network element, it can be included in either of the lists.
For example, the element named Test consists of one computer with the IP address 192.168.0.101. We can add it to the white list, which will allow it to access any network resource.
To do this, open the Network Agent policy, select the section Managing network access (NAC) -> Access rules, then click Add. Next, select a network element (in this example, it is Test). The added element will display in the list.
If you want to limit access to network resources, add network elements to the list named Access restrictions and select an access mode:
- Block network access completely disables the activity of a traffic source;
- Redirect to authorization portal redirects all requests to the authorization page. Network activity is only allowed on successful authorization;
- Allow specified addresses only blocks all devices except for the allowed ones (they are selected from the list Network services addresses under the same section Managing network access (NAC) of the Network Agent policy's properties).
To configure the authorization page, open Managing network access -> Authorization page. In this section you can create user accounts. The appearance of the authorization page can be configured here as well.
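The following Python sketch is an added example, not the product's code: it models how the white list and the three access modes described above combine, so you can check the expected outcome for a device before changing the policy. Apart from the element Test with 192.168.0.101, all element names and addresses are constructed, and the first-match ordering, the default for unmatched devices, and the reading of Allow specified addresses only are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# The three access modes named on the page.
BLOCK = "Block network access"
REDIRECT = "Redirect to authorization portal"
ALLOW_LISTED = "Allow specified addresses only"

def in_any(ip, networks):
    """True if ip falls inside any of the given addresses or CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

@dataclass
class Policy:
    elements: dict                                     # element name -> addresses/ranges
    white_list: list = field(default_factory=list)     # element names
    restrictions: list = field(default_factory=list)   # (element name, mode) pairs
    service_addresses: list = field(default_factory=list)

def decide(policy, src_ip, dst_ip, authorized=False):
    """Return 'allow', 'block' or 'redirect' for one connection attempt."""
    # White list first: its devices are always granted access.
    if any(in_any(src_ip, policy.elements[n]) for n in policy.white_list):
        return "allow"
    for name, mode in policy.restrictions:
        if not in_any(src_ip, policy.elements[name]):
            continue
        if mode == BLOCK:
            return "block"
        if mode == REDIRECT:
            return "allow" if authorized else "redirect"
        if mode == ALLOW_LISTED:
            # Assumption: the device may reach only the listed service addresses.
            return "allow" if in_any(dst_ip, policy.service_addresses) else "block"
    return "allow"  # Assumption: a device matching no rule is not restricted.

# Constructed sample policy; only Test / 192.168.0.101 comes from the page.
SAMPLE = Policy(
    elements={"Test": ["192.168.0.101"], "Office LAN": ["192.168.0.0/24"],
              "Guests": ["10.0.0.0/24"], "Quarantine": ["172.16.5.0/24"]},
    white_list=["Test"],
    restrictions=[("Office LAN", BLOCK), ("Guests", REDIRECT),
                  ("Quarantine", ALLOW_LISTED)],
    service_addresses=["192.168.0.10"],
)

if __name__ == "__main__":
    for src in ("192.168.0.101", "192.168.0.55", "10.0.0.7", "172.16.5.9"):
        print(src, "->", decide(SAMPLE, src, "192.168.0.10"))
```

Note that 192.168.0.101 also falls inside the blocked Office LAN range, yet it is allowed because the white list is evaluated first.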