Quickstart task list for LANDesk 802.1X NAC

Use this task list to complete the planning, setup, and configuration tasks required to implement 802.1X NAC support on your network.

You can print this task list and refer to it to track each step during the implementation process. If you're viewing this task list online, click the For more information link to view detailed information for a particular task.

Done Task For more information, go to

Prerequisite: A core server must be installed and running on your network, activated with a Security Suite license and security content subscriptions:

  • Install the core server
  • Activate the core with a Security Suite license
  • Log in as an Administrator user or as a user with the Security right (allows downloading security content and copying it to the Compliance group)

For information on using the Patch and Compliance tool, see Patch and Compliance.

For information on the 802.1X NAC components and process workflow, see Understanding the 802.1X NAC components and process.

For information on network topology and design considerations for an 802.1X NAC implementation, see Network topology and design considerations.

Set up a remediation server:

  • On a separate server machine, run the CONFIGURE.REMEDIATION.SERVER.VBS setup script located in:
    <coreserver>\LDMain\Install\TrustedAccess\RemediationServer
  • NOTE: This script automatically configures the server to perform remediation by:
    • creating a Web share named LDLogon (typically) at: c:\inetpub\wwwroot\LDLogon
    • enabling anonymous access to the LDLogon share with Read and Browse rights
    • adding a new MIME type for .lrd files, and setting it to application/octet-stream

Setting up and configuring a remediation server

Configure (add) the remediation server in the console:

  • In Network Access Control, right-click 802.1X, click Configure 802.1X, click Remediation servers, and then click Add
  • Enter the remediation server IP address, the UNC path to the LDLogon Web share you've created on the remediation server where files are published, and user access credentials, and then click OK

Setting up and configuring a remediation server

Publish NAC settings to remediation servers:

  • In Network Access Control, right-click 802.1X, click Publish NAC settings, select All, and then click OK
  • NOTE: The initial publishing process must include ALL of the NAC settings; subsequent publishing can include compliance content only

Publishing NAC settings
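
The setup script's NOTE above lists three settings on the remediation server: the LDLogon Web share, anonymous Read and Browse access, and the .lrd MIME type. The following check is an added example, not part of the LANDesk product or its documentation. It assumes the share is reachable over plain HTTP at /LDLogon/, that the Web server is IIS (as the c:\inetpub\wwwroot path suggests), and that you supply the name of a .lrd file you know exists in the share; sample.lrd and the host name are placeholders.

```python
import urllib.error
import urllib.request

EXPECTED_MIME = "application/octet-stream"  # MIME type the task list gives for .lrd

def fetch(url, timeout=5):
    """Anonymous GET (no credentials sent). Returns (status, content_type, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, r.headers.get_content_type(), r.read(65536).decode("latin-1")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get_content_type(), ""
    except (urllib.error.URLError, OSError):
        return None, "", ""

def evaluate(share, lrd, lrd_name):
    """share and lrd are (status, content_type, body) tuples; returns a list of problems."""
    problems = []
    s_status, _, s_body = share
    if s_status is None:
        problems.append("LDLogon share unreachable")
    elif s_status in (401, 403):
        problems.append("anonymous access or Browse right not enabled on LDLogon")
    elif s_status != 200:
        problems.append(f"unexpected status {s_status} for LDLogon")
    elif lrd_name.lower() not in s_body.lower():
        problems.append(f"{lrd_name} not in directory listing")
    l_status, l_type, _ = lrd
    if l_status == 404:
        # IIS answers 404 for a static file whose extension has no MIME mapping
        problems.append(".lrd returned 404: file missing or .lrd MIME type not registered")
    elif l_status == 200 and l_type != EXPECTED_MIME:
        problems.append(f".lrd served as {l_type}, expected {EXPECTED_MIME}")
    elif l_status != 200:
        problems.append(f".lrd request failed with status {l_status}")
    return problems

def check_server(host, lrd_name):
    # host and lrd_name are supplied by the operator; nothing here is product-defined
    base = f"http://{host}/LDLogon/"
    return evaluate(fetch(base), fetch(base + lrd_name), lrd_name)

if __name__ == "__main__":
    print(check_server("remediation.example.test", "sample.lrd") or "all three settings OK")
```

Run it from a device in the quarantine network to confirm that an unhealthy device could reach the share without credentials.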

Define compliance security criteria with the Patch and Compliance tool:

  • In the console's Patch and Compliance tool, download security content definitions and patches
  • Add security definitions to the Compliance group in order to define your compliance security policy
  • Make sure associated patches are downloaded and available for deployment
  • Create a compliance setting that enforces 802.1X supported scans
  • (The 802.1X NAC compliance security policy is also defined by the automatic quarantine time setting on the device agent configuration.)

Defining compliance security criteria in the Patch and Compliance tool

Enable 802.1X NAC support, and configure the 802.1X Radius server or proxy in the console:

  • In Network Access Control, right-click 802.1X, click Configure 802.1X, and then click Radius server. First make sure the Enable 802.1X Radius server option is selected, select the EAP type, and then select whether to use the LTA EAP IAS plug-in or the LTA Radius proxy (requires proxy settings configuration)

Setting up a 802.1X Radius server or proxy

Install the 802.1X agent on managed devices to enable compliance scanning:

(NOTE: When deploying the 802.1X agent, you must specify the quarantine network addressing method for unhealthy devices. Quarantine addressing can be handled by a self-assigned IP address range or by DHCP in the quarantine network. You configure this addressing scheme on the router.)

  • For managed employee devices:
    If they already have the standard LANDesk agent, enable 802.1X support with a new device agent configuration
    Or, if they don't have the standard agent, enable 802.1X support with the initial agent configuration
    Or, enable 802.1X support with an agent configuration to devices in UDD
  • For unmanaged employee devices:
    Enable 802.1X support by pulling with the standard agent (wscfg32.exe)
    Or, by using a self-contained Agent Configuration

Deploying the LANDesk 802.1X NAC agent to managed devices

Configure your network switch for 802.1X authentication, quarantine, and remediation:

  • Go to the Support site for recommendations and sample configurations

Configuring a switch and router for LANDesk 802.1X NAC support

Configure your network router to provide security between the production network and the 802.1X quarantine network:

  • Go to the Support site for recommendations and sample configurations

Configuring a switch and router for LANDesk 802.1X NAC support

Ensure the authentication and posture validation process is working properly:

  • Try a simple test of 802.1X NAC by connecting a device configured with LANDesk 802.1X NAC support to the network.

Perform ongoing compliance security management tasks:

  • Making sure 802.1X NAC support is enabled
  • Understanding what happens when connecting devices are postured
  • Viewing non-compliant devices
  • Modifying and updating compliance security policies
  • Adding unmanaged devices
  • Configuring and viewing compliance logging

Managing 802.1X NAC compliance security

To return to the main section for LANDesk 802.1X NAC, see Using LANDesk 802.1X NAC.