
D-Link Wireless AP with NAP 802.1x solution

D-Link Wireless AP with NAP 802.1x solution. WRPD, Jan, 2008. What’s Network Access Protection (NAP).


Presentation Transcript


  1. D-Link Wireless AP with NAP 802.1x solution WRPD, Jan, 2008

  2. What’s Network Access Protection (NAP)
     Network Access Protection is a Microsoft-led policy enforcement technology used in next-generation Windows platforms. It provides components and an application programming interface (API) set that help administrators enforce compliance with health policies for network access or communication. In line with corporate policy, administrators can enforce compliance with health requirements for network access and communication.
     NAP requirements:
     - Server: Microsoft Windows Server 2008, Codename “Longhorn”
     - Clients: Microsoft Windows Vista or Microsoft XP SP2 with NAP client
     - Appliances: DWL-3200AP

  3. Network Access Protection (NAP) Overview
     There are 4 important pillars in the NAP architecture: Policy Validation, Network Restriction, Remediation and Ongoing Compliance.
     - Policy Validation: Are computers “healthy”, that is, compliant with the company’s security policy?
     - Network Restriction: Restrict network access based on their health
     - Remediation: Provides necessary updates to become healthy. Once healthy, the network restrictions are removed
     - Ongoing Compliance: Changes in computers’ health may dynamically result in network restrictions

  4. Network Access Protection – Walk Through (diagram)
     Components shown: Client, DWL-3200AP, Microsoft network policy server, System health servers, Remediation servers, Corporate Network, Restricted Network.
     Diagram labels:
     - “Here you go”
     - “Can I have updates?”
     - “Ongoing policy updates to NPS Policy Server”
     - “May I have access? Here’s my current health status”
     - “Requesting access. Here’s my new health status”
     - “Should this client be restricted based on its health?”
     - “According to policy, the client is not up to date. Quarantine client, request it to update”
     - “According to policy, the client is up to date. Grant access”
     - “You are given restricted access until fix-up”
     - “Client is granted access to full intranet”

  5. NAP 802.1X Flow Chart
     - Enable WPA(2) PEAP and Dynamic VLAN on DWL-3200AP
     - 802.1X Authentication
       - Fail: Client stays in Guest VLAN
       - Success: Policy Compliance Check
     - Policy Compliance Check
       - Compliant: Client is assigned to Compliance VLAN
       - Not Compliant: Client is assigned to Non-compliance VLAN for remediation
     - Further labels in the chart: “Remediation process completed” (Yes); “If client compliance status or company policy is changed”

  6. Necessary Policies in 802.1X NAP Scenario
     Three types of policies should be configured under Network Policy Server, which is a component within Microsoft Windows Server 2008:
     - Connection Request Policy
       - This policy determines which connection requests are acceptable
       - In the 802.1X NAP scenario, only connection requests from the DWL-3200AP are acceptable
     - Health Policy
       - The System Health Validator (SHV) determines which elements are needed when validating health status, such as firewall status, anti-virus status, anti-spyware status and so on
       - The Health Policy uses SHVs to determine which criteria count as healthy, for example: “must pass all the SHV checks” is healthy
     - Network Policy
       - The Network Policy determines which action to take based on the health status

  7. NAP How-to in Brief
     - Microsoft Active Directory
       - Install Active Directory Certificate Services
     - Microsoft Windows Server 2008, Codename “Longhorn”
       - Install Network Policy Server (new version RADIUS server) [Detail]
       - Configure RADIUS setting, correlated with DWL-3200AP [Detail]
       - Configure policies, rules and actions
         - Connection Request Policy [Detail]
         - Health Policy [Detail] (System Health Validator [Detail])
         - Network Policy [Detail]
     - Microsoft Windows Vista or XP SP2 with NAP client
       - Enable NAP client enforcement feature [Detail]
     - D-Link DWL-3200AP
       - Configure WPA(2)-PEAP and RADIUS setting, correlated with DWL-3200AP [Detail]
       - Enable MSSID with VLAN setting [Detail]

  8. Windows Server 2008 – Network Policy Server [Back]

  9. Windows Server 2008 – RADIUS Setting [Back]

  10. Windows Server 2008 – Connection Request Policy [Back]

  11. Windows Server 2008 – System Health Validator [Back]

  12. Windows Server 2008 – Health Policy [Back]

  13. Windows Server 2008 – Network Policy [Back]

  14. Windows Vista [Back]

  15. DWL-3200AP Configuration 1
      - Select WPA or WPA2 Enterprise
      - Input the RADIUS server setting
      D-Link Confidential

  16. DWL-3200AP Configuration 2
      - Enable VLAN State
      - Select Dynamic to enable the dynamic VLAN function.

  17. DWL-3200AP 802.1x NAP Test Environment
      - VLAN 10: Guest
      - VLAN 20: Limited Access
      - VLAN 30: Full Access
      - DWL-3200AP: enable WPA(2) PEAP and dynamic VLAN setting
      - D-Link switch which supports 802.1q VLAN: create v10, v20, v30 for guest VLAN, limited access VLAN and full access VLAN.
      - Microsoft AD/NAP Enforcement/Health check/NPS server
      - Windows Vista Business

  18. Network Access Protection - Resources
      - Network Access Protection Web site: http://www.microsoft.com/technet/network/nap/default.mspx
      - Introduction to Network Access Protection: http://www.microsoft.com/technet/network/nap/napoverview.mspx
      - Network Access Protection Platform Architecture: http://www.microsoft.com/technet/network/nap/naparch.mspx
      - Step By Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab: http://www.microsoft.com/downloads/details.aspx?FamilyID=8a0925ee-ee06-4dfb-bba2-07605eff0608&displaylang=en
      - Network Access Protection: Frequently Asked Questions: http://www.microsoft.com/technet/network/nap/napfaq.mspx
      - Network Access Protection - TechNet Forums: http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=576&SiteID=17
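
The decision flow of slides 5 and 6, applied to the VLAN plan of slide 17, can be modelled in a few lines. This is an added example, not part of the original presentation and not NPS or D-Link code. The check names, function names and sample clients are assumptions, and the RADIUS attributes are the standard RFC 3580 tunnel attributes for dynamic VLAN assignment, assumed here to be what the server returns to the AP.

```python
# Added example: models the decision flow of slides 5, 6 and 17.
# VLAN IDs are from slide 17; check and function names are assumptions.
GUEST_VLAN, LIMITED_VLAN, FULL_VLAN = 10, 20, 30

# Health policy from slide 6: "must pass all the SHV checks" is healthy.
REQUIRED_CHECKS = ("firewall", "anti_virus", "anti_spyware")


def is_compliant(health_status):
    """Fail closed: a missing or non-True check makes the client unhealthy."""
    if not health_status:
        return False
    return all(health_status.get(c) is True for c in REQUIRED_CHECKS)


def assign_vlan(auth_ok, health_status):
    """Network policy: pick the VLAN from the 802.1X result and health state."""
    if not auth_ok:
        return GUEST_VLAN      # authentication failed: client stays in guest VLAN
    if not is_compliant(health_status):
        return LIMITED_VLAN    # non-compliant: remediation VLAN
    return FULL_VLAN           # compliant: full access


def radius_vlan_attributes(vlan_id):
    """RFC 3580 tunnel attributes for dynamic VLAN assignment."""
    return {
        "Tunnel-Type": 13,                      # VLAN
        "Tunnel-Medium-Type": 6,                # IEEE 802
        "Tunnel-Private-Group-ID": str(vlan_id),
    }


def evaluate(auth_ok, health_status=None):
    """Return (vlan, attributes); a rejected client gets no VLAN attributes."""
    vlan = assign_vlan(auth_ok, health_status)
    return vlan, (radius_vlan_attributes(vlan) if auth_ok else None)


if __name__ == "__main__":
    # Constructed sample clients, not data from the presentation.
    stale = {"firewall": True, "anti_virus": False, "anti_spyware": True}
    fixed = dict(stale, anti_virus=True)   # same client after remediation
    for label, args in [("bad credentials", (False,)),
                        ("out of date", (True, stale)),
                        ("after remediation", (True, fixed))]:
        print(label, "->", evaluate(*args))
```

A client that omits a required check is treated as non-compliant, so an incomplete health report lands in the limited access VLAN, not the full access one.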
