Hi,
I am new to NAC and would appreciate it if you could help me understand switch configuration when using Genians.
Currently, we define switch or trunk ports with VLANs on each port.
With Genians, do we configure all ports as trunk ports?
Can Genians detect an endpoint and, based on policies, assign a VLAN (IP) to the endpoint?
Thank you.
Greetings Chee Meng Hong!
It is not necessary to configure all of the Switch Ports as Trunk Ports within our NAC Setup. You only need to configure the Trunk Port connected to the Network Sensor. A single Network Sensor can manage all segmented networks (VLANs) through the Trunk Port and detect all endpoints that exist in each VLAN.
Check out the following pages for a better understanding of Genian NAC.
How Genian NAC Works: https://www.genians.com/genian-nac-works/
Installation Guide (All-in-one): https://www.genians.com/docs/install-policy-server-on-a-physical-machine/
Installation Guide (Network Sensor): https://www.genians.com/docs/install-network-sensor-physical-machine/
If you have any more questions, I will be happy to answer them.
Hi Greg,
I am looking for a NAC product which can identify endpoints (wired or wireless) and based on policies, issue VLAN/IP address (with the help of RADIUS, DHCP, Policy servers, etc).
Can Genian NAC do it?
If it can, do the switch ports need to be configured in such a way that the endpoint will receive the correct IP based on policies?
Hi Greg,
In this document for wired connection (https://www.genians.com/knows/5/installation/check-network-connection/), does it mean all ports in the switch have to be trunk?
If the port is defined as VLAN 10, can the sensor change it to another VLAN and assign the correct IP of that VLAN?
Wired Network
- Network sensor is required to connect to every single broadcast domain
- Prepare network cable from switch
- Access port: connect to single broadcast domain
- Trunk(802.1q) port: connect to multiple VLAN through single connection
Hello Chee Meng Hong!
Yes. Our NAC solution can identify all endpoints on your network and issue VLAN/IP address. In order to identify the devices, however, you must have a Sensor plugged into a Switch Port. You do not need to configure any of the switch ports or run any special functions to receive the correct IP.
If you wish to monitor groups of endpoints based on settings or details (i.e. endpoints running specific OS, endpoints connected through wireless or wired, etc), you can create policies and customize widgets to relay that information on the main dashboard.
Greetings Chee Meng Hong,
The switch port only has to be Trunked if it is being connected to another Switch. As for the VLAN, our Sensor does not change any of the VLAN configuration you have done. If you have VLANs set up, you would follow our Sensor Guide and enter the VLAN information into the configuration so that the Sensor can read and identify the VLAN and the IPs connected to those VLANs.
If you would like, we can schedule a conference call where we can do a live demo as well as assist you with your issues in real-time so that all your problems will be remediated. If so, please contact us at hello@Genians.com with some time options that are good for you.