Genian NAC Comparison - Advantage

Uploaded by

Ayazuddin

# Feature

1 General
1.1 Number of Devices Supported
1.2 Number of Networks Supported
1.3 Out-of-Band Configuration
1.4 Infrastructure Agnostic
1.5 Manufacturer Agnostic
1.6 Single Management Console
1.7 Web-based Management Console
1.8 Agentless Operation
1.9 Agent-based Operation
1.10 Secure Communication
1.11 Failure Safe
1.12 High Availability
1.13 Custom Web/Agent Plugins
1.14 RESTful API
2 Node Visibility
2.1 Realtime Detection
2.2 Layer 2 Network Sensor
2.3 Support 802.1Q Trunk Port
2.4 Support Channel Bonding
2.5 Node Information
2.6 Domain/Hostname Detection
2.7 OpenPort Scanning
2.8 Service Detection
2.9 Node Activity Monitoring
2.10 Platform Detection
2.11 Platform Business Information
2.12 Update Platform Database
2.13 Unknown/Wrong Platform Report
2.14 Node Tagging
2.15 DHCP Detection
2.16 Dynamic Grouping
2.17 Custom Fields
3 Network Visibility
3.1 Switch Information
3.2 Connected Switch Port
3.3 Switch Port Description
3.4 Switch Port Shutdown
3.5 Switch Auto Detection
3.6 WLAN Detection
3.7 WLAN Information
3.8 Internal WLAN Detection
3.9 WLAN Connection Monitoring
3.10 Rogue AP Detection
3.11 Physical Location Tracking
3.12 Wireless / Wired Device Mapping
3.13 Wireless Network Sensor
3.14 Wireless Agent Sensor
3.15 Risk Detection
4 Endpoint Visibility
4.1 Agent Support
4.2 Windows Support
4.3 macOS Support
4.4 Linux Support
4.5 OS Information

4.6 Hardware Information

4.7 Software Information


4.8 Antivirus Information
4.9 OS Update Information
4.10 Periodic Check
4.12 Periodic Custom Check
4.13 WMI Support
4.14 Ad-hoc Network Detection
4.15 Agent Download Page
4.16 Deploy Agent by GPO
4.17 Non Kernel-based Agent
4.18 Automated Upgrade
4.19 Segmented Upgrade
4.20 Authcode for Agent Deletion
4.21 Hide Agent
4.22 Self Protection
5 Network Access Control
5.1 Device Authentication
5.2 Identity-based Access Control
5.3 Compliance Status-based Access Control
5.4 Role-based Access Grant
5.5 Real-time Policy Change
5.6 Captive Web Portal (CWP)
5.7 Customizable CWP
5.8 Custom Button
5.9 Consent Page
5.10 Out-of-Band Enforcement
5.11 Layer 2 Enforcement
5.12 Layer 3 Enforcement
5.13 Switch Port Control
5.14 Network Sensor Mode
5.15 Agent-based Access Control
6 User Authentication
6.1 Captive Portal-based Authentication
6.2 Agent-based Authentication
6.3 Password Strength
6.4 Inactive User Lockout
6.5 Regular Password Change
6.6 Temporary Password for New User
6.7 Two-Factor Authentication
6.8 Automatic Logout
6.9 Automatic Logout for Inactivity
6.10 Periodic Reauthentication
6.11 Authentication at Startup
6.12 Limit Maximum Authenticated Devices
6.13 Local User Database
6.14 User Registration
6.15 Active Directory Integration
6.16 Authentication Integration
6.17 External User Directories
6.18 User Database Synchronization
6.19 RADIUS Server
6.20 MAC Authentication Bypass
6.21 802.1X based Access Control
6.22 Supports Active Directory
6.23 Supports Webhook
6.24 Supports EAP-GTC
6.25 RADIUS Server Separation
7 IP Address Management
7.1 Real-time IP Usage Monitoring
7.2 IP Usage Tracking
IP Matrix View
7.3 IP Policy
7.4 IP/MAC Lifetime
7.5 IP User Restriction
7.6 IP Conflict Prevention
7.7 IP Change Block
7.8 DHCP Server
7.9 IP Request / Approval
8 Endpoint Configuration Management
8.1 Enforce Antivirus Software
8.2 Change Computer Name
8.3 Check Logon Password
8.4 Change Windows Settings
8.5 ARP Spoofing Protection
8.6 Control DNS
8.7 Control Folder Sharing
8.8 Control Application
8.9 Control Internet Options
8.10 Control Screen Lock
8.11 Multi-homed Control
8.12 Control WLAN
8.13 Control Process
8.14 User Notification
8.15 Run Scripts
8.16 Wireless Connection Manager
9 Patch Management
9.1 Enforce Windows Update Settings
9.2 Install Windows Updates
9.3 (Delayed) Automatic Approval
9.4 Offline Windows Updates
9.5 Support WSUS
9.6 Update File Cache Server
10 External Device Control
10.1 Disabling Connected Device
10.2 USB Device Control
10.3 Device Usage Request / Approval
11 Audit and Report
11.1 Keep Logs
11.2 Searching Logs
11.3 Log Filter
11.4 Real-time Log Monitor
11.5 Tagging Node Using Log Filter
11.6 Notification
11.7 Out-bound Integration
11.8 Syslog Server
11.9 Receive SNMP traps
11.10 Default Reports
11.11 Custom Reports
11.12 CSV Export
12 Administration
12.1 Customizable Dashboard
12.2 Personalized Dashboard
12.3 Geo Dashboard
12.4 Backup
12.5 Role based Administrator
12.6 Management Scope
12.7 Change Tracking
12.8 Software Update
12.9 SNMP Support
12.10 Two-Factor Authentication
Description

Support up to 300,000 nodes for visibility and control


Support up to 20,000 segmented networks for visibility and control
Support out-of-band configuration for collecting node information and control network access
Deploy without changing the existing network topology and configuration
Operate without relying on vendor specific networking devices
Set up and operate all functions through a single management console
Provide a web-based management console
Perform network access control functions without Agents
Collect detailed information (e.g. h/w, s/w, peripherals) of endpoint and control the desktop configuration using Agents
Exchange data through encrypted secure communications
Suspend its function to prevent network service outages in the event of a system failure
Provide a high availability configuration (Active-Standby)
Provide a customization service (Web UI and Agent plugins)
Provide a RESTful API to integrate with other systems

Detect devices connecting to the network in real time


Monitor network activities (e.g. ARP, DHCP, etc.) at Layer 2
Support 802.1Q VLAN trunk port to manage multiple VLANs
Provide channel bonding or link aggregation for connection to redundant switches
Provide detail information of detected nodes (e.g. IP, MAC, NIC vendor, connectivity, authentication, etc.)
Detect the NetBIOS domain/hostname of the network node
Detect any devices scanning Open Ports
Detect network services such as DHCP, SMB, DNS, SMTP, TELNET, HTTP, HTTPS and SNMP provided by network node
Provide node status information (system up / down), which is updated within 1 minute if status changes
Detect device platform information (e.g. type, manufacturer and model information, etc.)
Provide information about the status of platform manufacturer (out of business, acquisition) and product (EOL, EOS)
Automatically update the latest platform information at least once a week
Provide the reporting capability (manual or automated) for any information detected incorrectly
Create tags, set them on nodes, and release them when necessary. Establish policy via tags.
Provide a monitoring function to identify that the network node has been assigned IP through DHCP
Set conditions for nodes requiring access control and provide ability to automatically classify nodes that meet those conditions. Conditions must be definable for all items collected by the NAC system.
Create custom fields that allow administrator to enter data for each node

Provide the link status, duplex, speed, utilization, security setting, and 802.1X configuration information of the switch and each port through SNMP integration
Provide the switch name and port information to which the node is connected
Change the description of the switch port via SNMP
Execute administrative shutdown of the switch port via SNMP
Automatically register the switch using the node SNMP service detection information
Detect neighbors' Access Point information in real time through network sensors and agents
Provide SSID, security setting, channel, signal strength, location, and detection time information for the detected wireless LAN Access Point
Automatically detect that the access point is connected to the internal network
Provide a list of stations that are connected to the Access Point and be able to identify which stations are known on the internal network
Identify any Access Points not acknowledged by network administrator
Discover the physical location of AP
Provide wired-LAN information of the device providing the wireless-LAN access point
Collect wireless LAN information through a network sensor equipped with a wireless LAN interface
Collect wireless LAN information through an agent-installed PC with a wireless LAN interface
Provide Layer 2-based risk detection (abnormal traffic), including:
- Invalid DHCP Server

Provide Windows and macOS Agents to present more details in real-time and control endpoint system configuration
Provide Agent-based functions to Windows (XP or higher)
Provide Agent-based functions to macOS 10.10 (Yosemite)

Provide the following information and detect any changes in real time:
- OS Name, Version, Service Pack, Language, Login User, Install Time
- Login Password, Screen Lock, IE Version, Shared Folder, etc.
Provide the following hardware information and detect any changes in real time:
- Motherboard, CPU, Memory, Storage, Network Interface Card, Battery, USB Device, Monitor, Printer, etc.
Provide software information and detect any changes in real time:
- Software name, version, path, date of installation, etc.
Provide antivirus software information and detect any changes in real time:
- Antivirus name, version, Whether real-time monitoring is enabled, Latest update time, Latest scan time
Provide OS update information and detect any changes in real time:
- State of update installation, Installed update name, Settings of update service
Update the policy server only when changes occur in real time or periodically
Provide the following options to check information periodically, based on your requirements:
- File presence, Hash, Date
Provide system information collection through the WMI interface
Detect network interfaces that are not authorized by the administrator
Provide a custom webpage to download Agent
Deploy Agent through a GPO in Active Directory
Operate as a user-level application to minimize system malfunctions and performance impact
Automatically upgrade without user involvement
Perform upgrades on segmented targets
Allow Agent deletion only with an authorization code provided by the administrator.
Provide the following options to hide Agent:
- Agent installation
Prevent Agent being removed or terminated by the end user

Provide device access control based on MAC address so that devices with unauthorized MAC addresses can connect to network after receiving administrator's authorization
Provide access control based on device identity, which will be measured by the following options:
- Node type
Provide access control if a device is not compliant. The compliance status will be measured by the following options:
- Required software install
Establish a different access control policy based on the role of user and device, and grant access to appropriate network, service, and time zone by privilege
Update policies in real time
Redirect HTTP (or HTTPS) requests to a custom web page to be remediated or access to right network resources
Modify the messages and UI in the CWP
Customize the buttons in the CWP to meet your requirements. The options will be provided like below:
- External page link
Provide consent page including terms and conditions for users connecting to the network. In addition, get custom data from users during the onboarding process
Provide out-of-band enforcement to prevent network service disruption in the event of a system malfunction
Provide Layer 2-based access control using ARP Enforcement
Provide Layer 3-based access control using Mirroring (SPAN) ports
Control (shutdown) a switch port if non-compliant devices are connected
Control Network Sensor mode: Monitor only or Policy Enforcement
Control endpoints' Network Interface and power using Agent

Provide user authentication through CWP


Provide user authentication through Agent
Provide the following password strength-setting features:
- Minimum/maximum length limit
Lockout inactive users for a certain period of time
Guide or enforce password changes at regular intervals
Provide temporary password functionality for new users. User can update their password after login
Provide two-factor authentication via text message or email
Automatically log out after a certain period of time post-login
Automatically log out if there is no activity for a certain period of time post-login
Re-authenticate users on a regular basis (Daily, Weekly, Monthly, Day of Week, Date, Time)
Perform user authentication whenever the endpoint is restarted
Limit the maximum # of IP, MAC addresses, and devices that can be authenticated by a user at any given time
Provide user and group management capabilities
Provide custom web pages for user registration. Set different management rules for super admin, sponsor, etc.
Read the Active Directory Domain User information through the Agent and replace it with the authenticated user of the node
Integrate with the following systems to get user authentication information:
- RDBMS Integration
Support the following user directories:
- RADIUS Server
Sync up with the following user directories:
- RDBMS (Oracle, MySQL, MSSQL, PostgreSQL, DB2)
Provide PAP, CHAP authentication for external RADIUS clients
Provide a MAC Authentication Bypass (MAB) function for non-802.1X-capable devices
Support RADIUS EAP for 802.1X authentication services
Domain controller interworking provides 802.1X authentication through Active Directory
Provides a Webhook function to check user credentials from external systems
Provides an EAP-GTC Supplicant module for Windows for 802.1X configuration using Legacy Password
Separates RADIUS Server Separation of remote access and user authentication

Monitor current IP usage in real-time. (Used IP, unused IP, IP conflict, IP shortage)
Keep the history of IP usages (past 12 months) and retrieve node information with IP address at a specific time if needed
Manage IP usage through the Matrix View Table, where administrators are able to select and visualize the desired IP state
Use only authorized IP through the IP policy in the network
Set the lifetime of an IP or MAC to be valid for a specific period of time
Specify which users can perform user authentication only on a specific IP
Protect important IPs by enabling only an authorized MAC through the IP policy to use a specific IP. If an unauthorized MAC attempts to use a protected IP, it must provide a GARP response to prevent IP use. If an IP collision occurs, a detox ARP transmission function should be provided to minimize service interruption
Restrict unauthorized IP changes by restricting the IP that a particular device MAC can use
Provide a DHCP service that supports IP-helper addresses. For IP assignment requests, IP must be assigned only to authorized devices according to IP policies
Provide IP request and approval system for unauthorized IP (Guest, BYOD)
(Windows) Change the Antivirus software configuration for Windows machines
(Windows) Change the computer name to the specified template format
(Windows) Provide password checking for local accounts, including:
- Same with Genian NAC password
(Windows) Provide a security policy configuration function that includes:
- Disabling Guest Account
(Windows) Provide Static ARP management to prevent ARP spoofing
(Windows) Provide DNS configuration and hosts' file management
(Windows) Control the folder sharing settings
(Windows) Install new applications or delete installed applications
(Windows) Provide Internet option configuration function that includes:
- Homepage
(Windows) Enforce screen lock-related settings
Inspect PCs connected to multiple networks at the same time and control the network interface connection according to specified conditions
(Windows) Disable the wireless LAN interface or prohibit Soft AP operation
(Windows) Terminate run of specified process(es)
Provide users with the ability to deliver key events or manager messages via pop-up windows
(Windows) Provide the ability to run batch files or VB Scripts set by the administrator
(Windows) Provide ability to provision profiles for wireless LAN connection and control SSIDs accessible through the whitelist

(Windows) Enforce Windows Update settings


(Windows) Perform installation at a given point in time (immediately, at system shutdown, or designated time) for administrator approved updates
(Windows) Automatically approve immediately when new patches are released, or automatically approve after a certain period of time
(Windows) Install Windows Update on endpoints that do not have Internet connectivity. Provide software that downloads update files from an Internet-enabled environment and copies patches to the NAC system on the closed network
(Windows) Provide interoperability with the existing WSUS system

(Windows) Provide the update file cache function through the network sensor equipped with the HDD so that the network bandwidth usage can be reduced when downloading the update file of the sensor managed node

(Windows) Provide a function to keep the device in a disabled state when connecting to a device by setting a block policy using Name, Class, Type, Description for the device connected to the system.
(Windows) Establish policy through vendor, model, serial No. for devices connected through USB interface and to keep it in a disabled state when connected to the corresponding device.
(Windows) Provide the service to use a device for a specified period of time through the administrative approval process

Retains a minimum of 12 months of audit records


Query and retrieve audit records through the management console
Save specific search conditions and retrieve only the audit records that match those conditions
Monitor logs generated in real time
Set tag on node where log is matched to a specific log filter, and provide the ability to change the policy when an event occurs
Send an alarm to the administrator when an audit record meets a specific search condition
Integrate with the external system to share audit information that meet specific search conditions:
- Syslog
Receive the syslog that occurred in the external system (e.g. FireEye) and set the tag of the node to apply the policy
Receive the SNMP Trap generated from the external system, store it as an audit record, and provide the function to tag the node
Provide the following basic reporting capabilities:
- Node Group trend
Provide the following custom report capabilities:
- Number of nodes
Provide the export function in CSV format for the data provided by the product

Provide customizable dashboard functionality


Provide a personalized dashboard for each administrator
Support a dashboard that provides location-based node monitoring
Provide a backup function that includes the following methods:
- External Storage
Control the level of access based on an administrator role to use certain functions and menus
Control the scope of management for each administrator
Audit all administrators' settings and policy changes, including pre-change values
Verify the latest software changes through the management console and be able to perform the upgrade after downloading
Support SNMP to manage NAC
Provide administrator authentication through two factor authentication
Genians Genian NAC | Forescout | Cisco ISE | HPE ClearPass | Infoexpress Easy NAC
300k | 1 Million | 40 nodes each supporting up to a max of 100,000 End points | 100k | No Information
20,000 25,000+ N/A N/A No Information
Yes Yes No No Yes
Yes No No No Yes
Yes Yes No No Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes No No No
Yes Yes Yes Yes Yes
Yes Yes No No Yes
Yes Yes Yes Yes No
Yes Yes No Yes(Web only) No
Yes Yes (plugins) Yes Yes No Information

Yes Yes Yes Yes Yes


Yes No No Yes Yes
Yes Yes No No Yes
Yes No Yes Yes No
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes No Yes Yes
Yes Yes No Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes No No No No
Yes Yes Yes Yes No
Yes No No No No
Yes Yes Yes Yes No Information
Yes Yes Yes Yes Yes
Yes Yes No No Yes
Yes No No No No

Yes No No Yes(Need Airwave/Aruba controller over 8.0) No


Yes Yes Yes Yes No
Yes Yes No No No
Yes Yes No No No
Yes Yes No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Airwave/Aruba controller) No
Yes No No Yes(Need Aruba controller) No
Yes No No No No
Yes Yes No Yes(Need Aruba RFProtect module) Yes

Yes Yes Yes Yes No


Yes Yes Yes Yes(Windows 7 above) No
Yes Yes Yes Yes No
Yes No
No
Yes No No Yes

Yes No No No No

Yes Yes No No No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes No Yes No
Yes No No Yes(RFProtect or WIPS) No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes No Yes No
Yes Yes No No No
Yes Yes No No No
Yes Yes No No No
Yes Yes No No No

Yes Yes Yes Yes Yes


Yes Yes No No Yes
Yes Yes Yes Yes No
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes (HTTP only) Yes (HTTP only) Yes (HTTP only) Yes
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No
Yes Yes No No Yes
Yes No No No Yes
Yes Yes No No(Correct information only) No
Yes Yes Yes Yes No
Yes Yes Yes No Yes
Yes Yes No No No

Yes Yes Yes Yes Yes


Yes Yes Yes Yes No
Yes Yes Yes Yes Yes
Yes No No No No Information
Yes No No No No Information
Yes No No No No Information
Yes Yes Yes Yes No Information
Yes No No No No Information
Yes No No No No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No Information
Yes Yes No No No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes(AD, RADIUS, LDAP) Yes
Yes Yes No No No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes No No No No
Yes No No Yes No
Yes Yes Yes Yes No

Yes No No Yes(Need Airwave) No


Yes No No Yes(Need Airwave) No
Yes No No No No
Yes Yes No No No
Yes No No Yes(DHCP Lease time only) No
Yes Yes No No No
Yes No No No No
Yes No No No No
Yes No Yes Yes(Need Aruba controller) No
Yes No No No No
Yes Yes No No No
Yes Yes No Yes No
Yes Yes No No No
Yes Yes No Yes(Firewall only) No
Yes No No No No
Yes No No No No
Yes No No No No
Yes Yes No No No
Yes No No No No
Yes No No No No
Yes Yes No No No
Yes No No No No
Yes Yes Yes Yes No
Yes Yes Yes Yes No
Yes Yes No Yes No
Yes No No Yes No

Yes Yes Yes Yes No


Yes Yes No No No
Yes No No Yes No
Yes No No No No
Yes Yes Yes No No
Yes No No No No

Yes Yes No Yes(Approves the use of USB storage) No


Yes Yes No No No
Yes No No No No

Yes No Yes No No Information


Yes Yes Yes Yes No Information
Yes No Yes Yes No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No Information
Yes Yes No No No Information
Yes Yes No Yes No Information
Yes Yes No Yes No Information
Yes Yes No Yes No Information
Yes Yes Yes Yes No Information

Yes No Yes Yes No Information


Yes Yes Yes Yes No Information
Yes No No Information
Yes Yes Yes Yes(SFTP, SCP) No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No Information
Yes Yes Yes Yes No Information
Yes No No Yes No Information
Yes No Information
Yes Yes No Yes No Information
Initial Deployment Tasks
Verify all Wireless Controllers or APs support basic RADIUS Authentication
Verify all Wireless Controllers or APs support RADIUS MAC Authentication (MAB)
Verify all Wireless Controllers or APs support RADIUS Change of Authorization (CoA)
Verify all Wireless Controllers or APs support Captive Portal for BYOD/Guest
Verify all Switches support basic RADIUS Authentication
Verify all Switches support RADIUS MAC Authentication (MAB)
Verify all Switches support RADIUS Change of Authorization (CoA)
Verify all Switches support Captive Portal for BYOD/Guest
Configure all Wireless Controllers or APs for basic RADIUS Authentication
Configure all Wireless Controllers or APs for RADIUS MAC Authentication (MAB)
Configure all Wireless Controllers or APs for RADIUS Change of Authorization (CoA)
Configure all Wireless Controllers or APs for Captive Portal for BYOD/Guest
Configure Quarantine VLAN on all Wireless Controllers or APs
Configure all Switches for basic RADIUS Authentication
Configure all Switches for RADIUS MAC Authentication (MAB)
Configure all Switches for RADIUS Change of Authorization (CoA)
Configure all Switches for Captive Portal for BYOD/Guest
Configure Quarantine VLAN on all Switches
NOTE - Some vendors also require multiple ACL or Profile Configurations
Add all Wireless Controllers or APs to RADIUS Server
Add all Switches to RADIUS Server
Test all Wireless Controllers or APs for basic RADIUS Authentication
Test all Wireless Controllers or APs for RADIUS MAC Authentication (MAB)
Test all Wireless Controllers or APs for RADIUS Change of Authorization (CoA)
Test all Wireless Controllers or APs for Captive Portal for BYOD/Guest
Test Quarantine VLAN on all Wireless Controllers or APs
Test all Switches for basic RADIUS Authentication
Test all Switches for RADIUS MAC Authentication (MAB)
Test all Switches for RADIUS Change of Authorization (CoA)
Test all Switches for Captive Portal for BYOD/Guest
Test Quarantine VLAN on all Switches
NOTE - This may require configuring test SSIDs, ports, VLANs, ACLs
Purchase RADIUS Server High Availability Option
Configure RADIUS Server High Availability Option
Test RADIUS Server High Availability Option
Integrate RADIUS Server HA Cluster with Active Directory
Join each RADIUS Server to Active Directory Domain
Configure Failover Option in RADIUS Server Cluster for Primary AD Server Failure
After Network Refresh
Verify all Wireless Controllers or APs support basic RADIUS Authentication
Verify all Wireless Controllers or APs support RADIUS MAC Authentication (MAB)
Verify all Wireless Controllers or APs support RADIUS Change of Authorization (CoA)
Verify all Wireless Controllers or APs support Captive Portal for BYOD/Guest
Verify all Switches support basic RADIUS Authentication
Verify all Switches support RADIUS MAC Authentication (MAB)
Verify all Switches support RADIUS Change of Authorization (CoA)
Verify all Switches support Captive Portal for BYOD/Guest
Configure all Wireless Controllers or APs for basic RADIUS Authentication
Configure all Wireless Controllers or APs for RADIUS MAC Authentication (MAB)
Configure all Wireless Controllers or APs for RADIUS Change of Authorization (CoA)
Configure all Wireless Controllers or APs for Captive Portal for BYOD/Guest
Configure Quarantine VLAN on all Wireless Controllers or APs
Configure all Switches for basic RADIUS Authentication
Configure all Switches for RADIUS MAC Authentication (MAB)
Configure all Switches for RADIUS Change of Authorization (CoA)
Configure all Switches for Captive Portal for BYOD/Guest
Configure Quarantine VLAN on all Switches
NOTE - Some vendors also require multiple ACL or Profile Configurations
Add all Wireless Controllers or APs to RADIUS Server
Add all Switches to RADIUS Server
Test all Wireless Controllers or APs for basic RADIUS Authentication
Test all Wireless Controllers or APs for RADIUS MAC Authentication (MAB)
Test all Wireless Controllers or APs for RADIUS Change of Authorization (CoA)
Test all Wireless Controllers or APs for Captive Portal for BYOD/Guest
Test Quarantine VLAN on all Wireless Controllers or APs
Test all Switches for basic RADIUS Authentication
Test all Switches for RADIUS MAC Authentication (MAB)
Test all Switches for RADIUS Change of Authorization (CoA)
Test all Switches for Captive Portal for BYOD/Guest
Test Quarantine VLAN on all Switches
NOTE - This may require configuring test SSIDs, ports, VLANs, ACLs
Purchase RADIUS Server High Availability Option
Configure RADIUS Server High Availability Option
Test RADIUS Server High Availability Option
Integrate RADIUS Server HA Cluster with Active Directory
Join each RADIUS Server to Active Directory Domain
Configure Failover Option in RADIUS Server Cluster for Primary AD Server Failure
Connect Network Sensor to Trunk Port
Test ARP Enforcement Policies
RADIUS Deployment with ISE, Clearpass or Other
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Required
Required
Required
RADIUS Deployment with ISE, Clearpass or Other
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Potentially (per vendor)
Required
Required
Required
Required
Required
Required
Required
Not Required
Not Required
Genians ARP Enforcement Sensor Deployment
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Genians ARP Enforcement Sensor Deployment
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required
Not Required*
*ARP is Truly Vendor Agnostic
