The following diagram shows how NAP is deployed with network access devices.
Figure 5: NAP deployment with network access devices
Network Access Devices are Layer Two ([ISO/IEC-7498-1]) network switches, such as wireless network access and wired Ethernet switches, that use IEEE 802.1x access protocols to control access to enterprise networks. A client authenticates to and obtains authorization from the Network Access Device by using the 802.1x protocol. NAP extends this authentication and authorization phase by using EAP ([RFC2716]): EAP transports the SoH request/response protocol ([TNC-IF-TNCCSPBSoH]) between the client and the Network Access Device, and the Network Access Device then uses RADIUS to transport it over the next hop, from the Network Access Device to the Network Policy Server. The NAP health policy server (NPS) evaluates the client's SoH request against network policy constraints.
If the NPS determines that the client requires remediation, the NAP enforcement point (NEP) does one of the following:
Installs IP filters.
Puts the client on a restricted remediation network such as a virtual LAN, to allow the client to access network resources required for remediation, such as software distribution servers with up-to-date software, group policy servers, or configuration file servers.
After remediation, the client can try again to gain full access to the enterprise network.
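The decision described above can be modelled as follows. This is an added example, not Microsoft's NPS code: the SoH is simplified to a dictionary of health attributes, and the policy shape, attribute names, VLAN IDs and filter name are constructed for illustration. Only the RADIUS attributes (`Tunnel-Type`, `Tunnel-Medium-Type`, `Tunnel-Private-Group-ID`, `Filter-Id`) are the standard ones a RADIUS server returns to an 802.1X device for VLAN or filter assignment; the final reject branch is an assumption about failing closed when no remediation action is configured.

```python
from dataclasses import dataclass
from typing import Optional

# Standard RADIUS values for VLAN assignment on 802.1X devices (RFC 2868 / RFC 3580).
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_IEEE_802 = 6

@dataclass(frozen=True)
class HealthPolicy:                        # hypothetical policy shape
    required: dict                         # health attribute -> required value
    production_vlan: str                   # VLAN for compliant clients
    remediation_vlan: Optional[str] = None    # restricted VLAN, if configured
    remediation_filter: Optional[str] = None  # named IP filter on the device, if configured

def vlan_attrs(vlan_id):
    """RADIUS attributes that tell the access device which VLAN to assign."""
    return {"Tunnel-Type": TUNNEL_TYPE_VLAN,
            "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
            "Tunnel-Private-Group-ID": vlan_id}

def failed_checks(soh, policy):
    """Health attributes that are absent from the SoH or do not match policy."""
    return sorted(k for k, want in policy.required.items() if soh.get(k) != want)

def evaluate(soh, policy):
    """Return (decision, radius_attributes, failed_checks) for one client."""
    failures = failed_checks(soh, policy)
    if not failures:
        return "full-access", vlan_attrs(policy.production_vlan), failures
    if policy.remediation_vlan:            # restricted remediation network
        return "restricted-vlan", vlan_attrs(policy.remediation_vlan), failures
    if policy.remediation_filter:          # device installs IP filters
        return "ip-filter", {"Filter-Id": policy.remediation_filter}, failures
    return "reject", {}, failures          # assumption: fail closed

# Constructed sample policy and SoH reports.
REQUIRED = {"firewall_enabled": True, "antivirus_up_to_date": True,
            "auto_update_enabled": True}
VLAN_POLICY = HealthPolicy(REQUIRED, production_vlan="10", remediation_vlan="99")
FILTER_POLICY = HealthPolicy(REQUIRED, production_vlan="10",
                             remediation_filter="nap-remediation")
HEALTHY = dict(REQUIRED)
STALE_AV = {**REQUIRED, "antivirus_up_to_date": False}
NO_SOH = {}                                # client sent no health statement

if __name__ == "__main__":
    for name, soh in [("healthy", HEALTHY), ("stale-av", STALE_AV), ("no-soh", NO_SOH)]:
        print(name, evaluate(soh, VLAN_POLICY))
```

A client that sends no health statement fails every required check, so it lands on the remediation path rather than receiving full access by default.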