Once you've set up LANDesk 802.1X NAC support and defined your compliance security policy, you can use the subsequent ongoing compliance security management tasks described in this section.
Read this section to learn about:
LANDesk 802.1X NAC support is enabled when all of the following conditions exist:
If all of the conditions listed above are met, LANDesk 802.1X NAC support is running on your network.
NOTE: Remember that the LANDesk 802.1X NAC tool is designed to support and extend the security of an existing 802.1X Radius server implementation on your network. LANDesk 802.1X NAC support adds authentication and compliance capabilities to basic 802.1X access control functionality.
Of course, there is flexibility built in to the service and you can customize how NAC handles devices with options such as the Exclusion List and Allow Everyone On. You can also control the level of security by how many and exactly which security content definitions you place in the Compliance group, as well as the number of hours you specify before a compliance security scan runs automatically on connected devices.
By adjusting these options and policy criteria, you can define very strict, complex security policies or simple, lenient security policies, or any level in between. In other words, you have the ability to customize the degree of difficulty, or ease, with which a connecting device can comply with the security criteria you specify.
Most importantly, you can change the nature of your compliance security policy at any time in order to meet constantly changing circumstances and requirements. Just remember that any time you change your compliance security criteria (for example, the contents of the Compliance group in Patch and Compliance), you need to republish NAC settings to your posture validation servers and remediation servers. For information, see Publishing NAC settings.
You can modify and update your compliance security policy at any time.
You do this by changing the content of the Compliance group in the Patch and Compliance tool.
You then must republish the NAC content to posture validation servers and remediation servers. Remember that publishing NAC content sends NAC settings and compliance rules to posture validation servers and any associated patches to remediation servers, while publishing Infrastructure files sends setup and support files (including the security client scanner, trust agent installs, and HTML template pages to remediation servers). (NOTE: Typically, the Infrastructure files only need to be published once to remediation servers. Unlike the NAC content, you don't need to republish these files every time you change the compliance security policy.)
For information, see Defining compliance security criteria in the Patch and Compliance tool.
You can see which devices have been postured and are found to be unhealthy or non-compliant.