Understanding Access Control Policies
Genian NAC uses four main types of network access control policies: IP/MAC Policy, Node Policy, Enforcement Policy, and Wireless LAN Policy.
IP/MAC Policy
IP/MAC Policy allows administrators to manually or automatically control device IP usage. It also controls network access based on IP and MAC addresses.
To use this feature in NAC, you must set the Network Sensor operating mode to Enforcement mode and enable IP management policies. This document describes how to activate IP management policies, prevent IP conflicts and changes, and assign IPs.
Node Policy
Node Policy primarily collects information from nodes and allows verification and management of networks that are in compliance with policies. Using Node Policy, you can establish authentication policies based on the node's user authentication method and configure General for endpoint policy compliance.
To set up a Node Policy, you must use an existing node group or create a new one.
Then, go to Policy > Node Policy > Select Tasks > Create.
Assign a group to the policy and configure detailed options according to the policy creation procedure.
Enforcement Policy
While Node Policy collects information from nodes, Enforcement Policy allows or blocks nodes' access to the network and takes additional actions. These additional actions include redirection to CWP for policy compliance or endpoint control via agents.
Creating a node group (see Managing Node Groups) and then creating an enforcement policy completes the blueprint for endpoint control. Then, assign the node group to the enforcement policy to apply the policy to the nodes included in the group.
RADIUS Policy
To configure policies, you must use an existing user group or create a new one.
Then, go to Policy > RADIUS Policy > Select Tasks > Create.
Assign user groups to the policy, add conditions, and then configure detailed policy settings according to the policy creation procedure.