Port-Based Network Access Control (also referred to as "Port-Based NAC" or "PNAC") is a security solution that prohibits access to the network by devices that are not registered. In addition to limiting access to the secure network, the PNAC checks whether patches and updates are needed on the client.
If a device is not in the database, it is automatically moved to the guest network, provided a function that allows this has been implemented. This function can be implemented on the switch or on a given port. However, this function decreases security, because anyone can gain access to the assigned network, and it is therefore not recommended. If you decide to use this function, it will connect with the server. Once it is connected, patches and/or updates follow, and alarm messages send the information to the IT department.
To add a new computer to the database, you need to enter the VLAN, the MAC address and the site. To keep an overview of every component, every switch was added in the "PNAC" module, in the "Active Network Components" field to be exact. You have to enter the IP address and the name of the switch so that the RADIUS server can assign a request to a switch or a switch group. You can define new sets of access rules on the switch groups.
Most of the time, one or two VLANs are defined in a small company: one for internal purposes and one for guests, if you decide to implement this feature. The VLAN is automatically assigned to the switch port based on the device. This ensures that the device is always in the correct VLAN. The VLAN configuration is on the switch, but you also have to add it in the "PNAC". Unknown devices are either rejected or, as already mentioned, placed in their own VLAN, the guest VLAN.
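The decision described above (switch lookup, MAC lookup, registered VLAN, guest VLAN or reject) can be sketched as follows. This is an added example, not code from the PNAC product. The MAC address, switch IPs, names, group names and VLAN numbers are constructed, and the reply attributes are the standard RFC 3580 VLAN attributes, which the text does not name.

```python
import re

# Constructed sample data. Fields mirror what the text says is entered in the PNAC.
DEVICES = {"001a2b3c4d5e": {"vlan": 10, "site": "HQ"}}   # MAC -> VLAN, site
SWITCHES = {                                              # switch IP -> name, group
    "192.0.2.10": {"name": "sw-office", "group": "office"},
    "192.0.2.20": {"name": "sw-lobby", "group": "lobby"},
}
GUEST_VLAN = {"office": None, "lobby": 99}  # per switch group; None = reject unknowns


def normalize_mac(mac):
    """Accept aa:bb:.., AA-BB-.. and aabb.ccdd.eeff; return 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def vlan_attrs(vlan):
    """RADIUS reply attributes (RFC 3580) that tell the switch which VLAN to use."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": str(vlan)}


def result(decision, reason, vlan=None, alert=False):
    attrs = vlan_attrs(vlan) if vlan is not None else {}
    return {"decision": decision, "reason": reason, "attrs": attrs, "alert": alert}


def authorize(switch_ip, mac):
    """Decide one request: registered VLAN, guest VLAN, or reject."""
    switch = SWITCHES.get(switch_ip)
    if switch is None:                      # request from a switch the PNAC does not know
        return result("reject", "unregistered switch")
    try:
        key = normalize_mac(mac)
    except ValueError:
        return result("reject", "malformed MAC address")
    device = DEVICES.get(key)
    if device is not None:                  # known device: always its registered VLAN
        return result("accept", "registered device", vlan=device["vlan"])
    guest = GUEST_VLAN[switch["group"]]
    if guest is None:                       # no guest function on this switch group
        return result("reject", "unknown device")
    # Guest function enabled: place in guest VLAN and flag for the IT department.
    return result("accept", "unknown device, guest VLAN", vlan=guest, alert=True)
```

Normalizing the MAC before the lookup matters because switches report the same address in different notations, and a mismatch would push a registered device into the guest VLAN or reject it.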