ProCurve Network Access Control v8.11

Course overview

This course is designed to prepare network engineers, both ProCurve partners and customers, for the installation, configuration, and management of the ProCurve Network Access Controller (NAC) 800 appliance. The certification exam (HP0-Y15) associated with this course is one of the required exams to achieve MASE – ProCurve Security Solutions Specialist [2008], and ProCurve NAC 800 certified installer status.

Prerequisites

• Adaptive EDGE Fundamentals (v6.11 or higher) and ProCurve Security (v7.31 or higher), and Network Management Using ProCurve Manager v6.41 or ProCurve Network Management v8.11

Audience

This course is designed for ProCurve Networking channel partner systems engineers, network engineers, and network specialists who design and deploy security solutions.

Ways to save

Certification

ProCurve Network Access Control prepares participants for for one of the required exams for MASE - ProCurve Security Solutions Specialist [2008] certification within the HP Certified Professional program. The exam number is HP0-Y15. The certification test is offered at Prometric test centers. For registration information, contact your HP representative or visit
http://www.hp.com/rnd/training/certifications.htm.

Benefits to you

• Attendees will be able to sell and perform services which include design, deployment and support of secure ProCurve networks using the ProCurve NAC 800.

Course objectives

After completing ProCurve Network Access Control, students will be able to:

• Describe the ProCurve ProActive Defense security framework
• Describe the ProCurve Network Access Control solution and its architecture
• Install and configure the ProCurve Network Access Controller 800
• Describe and implement endpoint policy testing
• Describe and implement the DHCP, inline, and 802.1X quarantine methods
• Describe the distributed architecture support and implement high availability operation

Course outline

• ProCurve Security Overview
  • Security challenges
  • Layers of network security
  • Network security process and framework
  • Security standards-based foundation
  • ProCurve ProActive Defense
• Introduction to the ProCurve NAC 800
  • ProCurve NAC 800 features
  • Server type implementations
  • Quarantine methods
  • Client testing methods
  • Endpoint integrity policies and tests
  • Initial setup process using LCD and console
  • Licensing and registration process
  • Configuring NAC tests, policies and policy groups
  • Customizing end-user screens
  • Backup and restore maintenance
  • Endpoint integrity testing implementations
  • Reporting features
• DHCP Quarantine Method
  • DHCP quarantine method operation
  • Setup for networks using VLANs
  • Using shared subnets with DHCP servers
  • Setup for networks without VLANs
  • DHCP quarantine method message flow
  • Deployment considerations
  • Configuring the DHCP quarantine method
  • Adding a quarantine area
  • Router ACLs and static route options
  • Using accessible services for remediation
• Inline Quarantine Method
  • Inline quarantine method operation
  • Inline deployment scenarios
  • Deployment considerations for RSTP and accessible services
  • Inline quarantine method message flow
  • Configuring the Inline quarantine method
• 802.1X Quarantine Method Using IAS
  • 802.1X quarantine method operation
  • 802.1X and RADIUS authentication concepts
  • NAC 800 in an 802.1X environment
  • Deployment options and considerations
  • Using VLANs with the 802.1X quarantine method
  • Endpoint integrity processing in an 802.1X environment
  • Message flow for endpoint integrity postures
  • Deploying the NAC 800 plug-in for IAS
  • DHCP server configuration
  • Switch setup for VLAN, RADIUS, and 802.1X settings
• 802.1X Quarantine Method Using IAS (continued)
  • Switch setup for port mirroring
  • IAS setup for RADIUS clients and remote access policies
  • Installing the NAC 800 plug-in for IAS
  • Preparing the connector file and registry
  • Adding a ProCurve switch as an 802.1X Device
  • NAC 800 plug-in for IAS connector log file
  • Deploying the NAC 800 RADIUS server
  • Switch and NAC 800 configuration steps
  • FreeRADIUS connector log file
  • Deploying the NAC 800 as a proxy
  • External RADIUS server and NAC 800 setup steps
• 802.1X Quarantine Method Using IDM
  • Benefits of using IDM with the NAC 800
  • IDM operation with endpoint integrity support
  • Deploying the NAC 800 with IDM
  • Configuring endpoint integrity support in IDM
  • Configuring the NAC 800 for use with IDM
  • Enforcing endpoint integrity through IDM
  • Using IDM for per-user quarantine
• NAC 800 Distributed Architecture and High Availability
  • Deploying NAC 800s in a distributed environment
  • Management Server control and management functions
  • Enforcement Server endpoint integrity operations
  • Quarantine method options in distributed deployments
  • Multiple Management Servers in a distributed environment
  • Clustering concepts for high availability
  • Implementing clusters of Enforcement Servers
  • Quarantine method requirements in a cluster