Extreme Networks

Edson_Moura · ‎08-05-2014

What are the best practices to configure authentication 802.1x, mac authentication, etc on clients running Windows 7?

My main question is: Are you applying re-authentication in the ports of SecureStack and why? if yes, what were the times did you used for this?

Do you recommend to apply re auth?
Did you applying re-auth using Policy Manager or by NAC Manager?

The image 1 show re auth by NAC Manager - Default

c0b421f55e794f6c962c9cdff9acc7f7_RackMultipart20140805-23242-qnao3a-ReAuth-NAC_inline.png

The image 2 show re auth by Policy Manager - Default

c0b421f55e794f6c962c9cdff9acc7f7_RackMultipart20140805-26980-1qnsau1-ReAuth_inline.png

Thanks in advance,

Edson Moura

Edson_Moura · ‎08-05-2014

Hi Tyler,

If I configure re-auth by Port Wizards by Policy Manager, what time will be used for re-auth? Done by Policy Manager or NAC Manager or both?

Or I've to disable re-auth in NAC Manager and only use Policy Manager for this?

Thanks,

Edson Moura

TylerMarcotte · ‎08-05-2014

Hi Edson,

In general we recommend some sort of re-auth in your network to keep the active end systems fresh in NAC. People have used different values depending on their own situations though. Some customers reauth every 4 hours and some reauth every 12 hours or so. Generally once a day reauthentication is a good idea to keep your data fresh.

In regards to where to set it, it should be done through policy manager. The screen you showed in NAC Manager is actually to set the default values when configuring from the port wizard. Using the port wizard in NAC is not generally used on a normal basis. It's there to ease implementation of a fresh NAC installation. We would recommend using Policy Manager for these types of configurations.

Thanks,

-Tyler

Extreme Networks

Question about authentication dot1x and mac on SecureStack - Re-Authentication

Question about authentication dot1x and mac on SecureStack - Re-Authentication