Hello,
I've been give the tasked to create a purgatory VLAN on the company's network so if an unauthorized device (non domain system) is detected on the network, the NAC will instruct the switch to place the device on a particular VLAN that has access to the following:
- Internet only
- Domain controller (only, no other servers accessable) This way, if a machine needs to join the domain, it can.
- not sure if I need to create ACL to deny all traffic from VLAN with the exception of the IPs of the Domain controller (if that is possible).
Once joined to the domain, the NAC will install the agent on the device that will notify the switch to move to a corporate VLAN.
Need some guidance on best way to configure if possible.
Equipment
- Core Switch Procurve 6600 -4XG FW 15.10
- Access/Edge Switches Procurve 3500yl
- Network Access Controller : Forescout Counter Act.
Thanks in advance.
