Preparing Access Control using IPAM
===================================

You can enable enforcement by enabling the **Unauthorized Device** default
policy, and changing the default policies on each individual sensor.

To Enable "Unauthorized Device" Policy
--------------------------------------

By default, the “**Unauthorized Device**” enforcement policy is disabled.
Before controlling nodes using the Policy, the enforcement policy for
“**Unauthorized Device**” must be enabled.

#. Go to **Policy** in the top panel
#. Go to **Enforcement Policy** in the left Policy panel
#. Click **Unauthorized Device** name in the Enforcement Policy window
#. Find **General > Status** section to **Enabled**
#. Click **Update**
#. Click **Apply** in top right corner

To Change Sensors IPAM Default Policy
-------------------------------------

The Default Policy can be changed on each sensor’s settings

#. Go to **System** in the top panel
#. Go to **System > Sensor** in the left System Management panel
#. Click the desired sensor’s **IP Address**
#. Click the **Settings** tab and click **Sensor Settings**
#. Find **IPAM Policy** section, change **IPAM Policy** for **New Node**
   accordingly
#. Click **Update**

Options for New node policy are as follows:

- **Deny MAC**: Deny a MAC Address
- **Deny IP**: Deny an IP Address
- **Deny IP/MAC**: Deny an IP and MAC Address
- **Allow**: Allow an IP and MAC (default)
- **Enable Change Prevention**: Enable IP Change Prevention for a node’s IP/MAC
- **Enable Conflict Prevention**: Enable IP conflict Prevention for a node’s
  IP/MAC