Understanding Access Control Policies

Genian NAC uses four main types of network access control policies: IP/MAC Policy, Node Policy, Enforcement Policy, and Wireless LAN Policy.

IP/MAC Policy

IP/MAC Policy allows administrators to manually or automatically control device IP usage. It also controls network access based on IP and MAC.

To use this feature in NAC, you must set the Network Sensor operating mode to Enforcement mode and enable IP management policies. This document describes how to activate IP management policies, prevent IP conflicts and changes, and assign IPs.

• Preparing Access Control using IPAM
• Changing IPAM Policy
• Configuring IP Change Preventions
• Configuring IP Conflict Prevention
• Allowing IP/MAC Based On Time
• Presetting IP management

Node Policy

Node Policy primarily collects information from nodes and allows verification and management of networks that are in compliance with policies. Using Node Policy, you can establish authentication policies based on the node's user authentication method and configure basic settings for endpoint policy compliance.

To set up a Node Policy, you must use an existing node group or create a new one.

Then, go to Management WebUI > Policy > Node Policy > Select Action > Create.

Assign a group to the policy and configure detailed options according to the policy creation procedure.

Reference:

Configuring User Authentication Options

Agent Settings in Node Policy

Managing Nodes

Node Policy Details

Enforcement Policy

While Node Policy is for collecting information from nodes, Enforcement Policy is used to allow/block nodes from accessing the network and to take additional actions. These additional actions include redirection to CWP for policy compliance or endpoint control via agents.

By creating a node group (Managing Node Groups) and then creating an enforcement policy, the blueprint for endpoint control is completed. Then, assign the node group to the enforcement policy to apply the policy to nodes included in the group.

• Creating Permissions
• Creating and Viewing Enforcement Policy for Nodes
• Configuring Agent Action For Enforcement Policy

Wireless LAN Policy

Wireless LAN Policy is used to distribute profiles (AP, Client) and to allow/block targets connecting to Genian Air-Sentry from accessing the network.

To use the access control function in Wireless LAN Policy, Genian Air-Sentry is required.

RADIUS Policy

RADIUS Policy is used to approve/reject user authentication attempts via RADIUS (wireless and wired) and to take additional actions.

These additional actions include configuring ACL, VLAN, Session timeout, and Filter settings on the switch ports to which network-accessed nodes are connected.

To configure policies, you must use an existing user group or create a new one.

Then, go to Management Web Console > Policy > RADIUS Policy > Select Action > Create.

Assign user groups to the policy, add conditions, and then configure detailed policy settings according to the policy creation procedure.

• Radius policy settings