A couple of questions for people running MS NAP:
1) Can it be installed on the domain controller?
2) Does it work with devices running OS X or mobile platforms?
3) In terms of setting it up - hassle or easy?
4) When a device is 'authenticated', where does it pick up an IP? Can I set all 'foreign' devices to pick up from a different range/scope?
Cheers in advance,
1) NAP is effectively controlled by the NPS role. This can be on a DC but in our case we found NPS was peaking the DC due to the number of authentications and so we moved it to its own server.
2) I think there is a Linux NAP client but I haven't really looked. I would lean towards no for OS X, etc. NAP is tied very strongly to the Microsoft Security Center and so it's natural it is not on other platforms.
3) NAP can tie in with 802.1X, DHCP, VPN, etc. Essentially it is easy if you make good use of the Event Viewer on the NPS server, but this is based purely on your skill level with whatever form you choose.
4) Assuming you mean 802.1X (this is not NAP), NPS tells the switch to set a port after authentication to the chosen VLAN for that user. The IP comes from your DHCP server. As for 'foreign' devices, if they fail you can put them to another VLAN such as Guest or leave them in what I call the Remediation VLAN which gives them very little as a non-domain user.
If you build a test environment, make sure it works as expected prior to introducing NAP to keep it simple (i.e. if 802.1X is your choice, get this right before adding NAP components).
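The reply above recommends leaning on the Event Viewer on the NPS server when testing. The following is an added example, not part of the original posts, that pulls the same NPS decisions with PowerShell so grants, denials and quarantines can be reviewed per client. It assumes "Network Policy Server" auditing is enabled so NPS logs to the Security log, and the four-hour look-back window is an arbitrary choice.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
# Assumes "Network Policy Server" auditing (success and failure) is enabled,
# so NPS writes its access decisions to the Security log.
$npsEvents = @{
    6272 = 'Granted'
    6273 = 'Denied'
    6276 = 'Quarantined'
    6278 = 'Granted (health policy met)'
}

$filter = @{
    LogName   = 'Security'
    Id        = [int[]]$npsEvents.Keys
    StartTime = (Get-Date).AddHours(-4)   # look-back window; adjust as needed
}

$results = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Event data is stored as name/value pairs in the XML view of the record
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Outcome = $npsEvents[[int]$_.Id]
            User    = $data['SubjectUserName']
            Station = $data['CallingStationID']   # usually the client MAC for 802.1X
            NAS     = $data['NASIdentifier']      # switch or AP that sent the request
            Policy  = $data['NetworkPolicyName']
            Reason  = $data['Reason']             # empty for plain grants
        }
    }

# Most recent decisions first
$results | Sort-Object Time -Descending |
    Select-Object -First 20 |
    Format-Table -AutoSize

# Which policy/reason combinations account for the denials
$results | Where-Object Outcome -eq 'Denied' |
    Group-Object Policy, Reason |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Denials grouped under a single policy and reason usually point at a policy or certificate problem rather than at individual clients, which is the kind of thing to settle in the 802.1X-only test stage before NAP components are added.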