Understanding Access Control Policies
Genian NAC uses four main types of network access control policies: IP/MAC Policy, Node Policy, Enforcement Policy, and Wireless LAN Policy.
IP/MAC Policy
IP/MAC Policy allows administrators to manually or automatically control device IP usage. It also controls network access based on IP and MAC.
To use this feature in NAC, you must set the Network Sensor operating mode to Enforcement mode and enable IP management policies. This document describes how to activate IP management policies, prevent IP conflicts and changes, and assign IPs.
Node Policy
Node Policy primarily collects information from nodes and allows verification and management of networks that are in compliance with policies. Using Node Policy, you can establish authentication policies based on the node's user authentication method and configure basic settings for endpoint policy compliance.
To set up a Node Policy, you must use an existing node group or create a new one.
Then, go to Management WebUI > Policy > Node Policy > Select Action > Create.
Assign a group to the policy and configure detailed options according to the policy creation procedure.
Enforcement Policy
While Node Policy is for collecting information from nodes, Enforcement Policy is used to allow/block nodes from accessing the network and to take additional actions. These additional actions include redirection to CWP for policy compliance or endpoint control via agents.
By creating a node group (Managing Node Groups) and then creating an enforcement policy, the blueprint for endpoint control is completed. Then, assign the node group to the enforcement policy to apply the policy to nodes included in the group.
Wireless LAN Policy
Wireless LAN Policy is used to distribute profiles (AP, Client) and to allow/block targets connecting to Genian Air-Sentry from accessing the network.
To use the access control function in Wireless LAN Policy, Genian Air-Sentry is required.
RADIUS Policy
To configure policies, you must use an existing user group or create a new one.
Then, go to Management Web Console > Policy > RADIUS Policy > Select Action > Create.
Assign user groups to the policy, add conditions, and then configure detailed policy settings according to the policy creation procedure.