FAQ for macmon NAC
Before contacting our technical or product support, please go through our FAQ—answers to the frequently asked questions.
If you are unable to find an answer to your question, we will be happy to help you. You can contact us by calling +49 30 2325777-0 or by sending an e-mail or by using our contact form.
You can find additional technical information in the macmon service portal under KnowledgeBase.
For macmon SDP we have compiled a separate FAQ.
I have a very heterogeneous network with various switches and routers. Can macmon really cater to my environment?
Yes, macmon operates completely independent of the manufacturer. This means that all the SNMP manageable switches and routers can be controlled using macmon. Therefore we can completely cover even highly heterogeneous environments.
The security requirements in my company are very different - e.g. our research area has to be made highly secure. Can macmon NAC assist you?
Yes, macmon can be used in hybrid operation. This means that only the MAC address is used for authentication in some areas and more properties are used in other areas, like e.g., the IP address, host name and operating system, and in still other areas, even certificates in conjunction with 802.1X.
Though we have modern switches, we do not have much expertise in their administration because we have used only the default features. Do I have to acquire extensive know-how in this regard?
No, this is not necessary. There are a few details that need to be set up, both the macmon partners and macmon support will be happy to provide information about what is needed as well as appropriate support.
What does macmon require from the network infrastructure?
Our requirements are minimal. It should be possible to manage the switches and routers using SNMP V1, V2c or V3 (read and write) or using SSH / Telnet.
How much maintenance is required for macmon?
This is one of the biggest advantages of macmon: the maintenance effort is minimal. Some of our customers have saved a lot of time by implementing macmon because many automatic features, like the dynamic VLAN management or macmon compliance, make the day-to-day work a lot easier.
Can I meet the BSI and ISO specifications using macmon?
Yes, the measure 2.216 of the basic BSI baseline security catalog* and of Article 9.1.2 and 13.1.3 (german) of the ISO 27001:2015-03 standard ("Automatic equipment identification should be considered as a means to authenticate connections from specific locations and equipment") can be completely covered.
*The installation and use of unapproved IT components should be prohibited and the compliance with this prohibition should be checked regularly.
I have heard a lot about 802.1X, why do I need macmon as well?
macmon can considerably simplify the implementation and administration of 802.1X. The implementation is often made possible through macmon by using its own RADIUS server, a simple web GUI and covering even areas that are not 802.1X-compliant. Additional features like VLAN management or event-based responses are impossible or very difficult without the support of macmon.
Supplementary features such as topology display or compliance checking and enforcement are further added values that macmon provides.
The implementation with 802.1X is considered very secure, but I do not want to setup a PKI. Can macmon still be used accordingly?
Yes, the standard can be used with certificates as well as with MAC addresses (MAB Mac Authentication Bypass) or username and password. macmon can therefore use other authentication options than the certificate. Additionally, there is the possibility to cover network areas, which are not able to use the 802.1X standard through the macmon mixed mode. Those areas can then switch to 802.1X gradually, related to modernizing the systems "step by step".
Another option used by many of our customers is to connect to the ActiveDirectoy to use the existing AD device accounts for secure authentication. This provides a significant increase in security compared to the use of MAC addresses.
What is the licensing process of macmon?
macmon is modularly designed and can be licensed in different ways. The basis is the number of MAC addresses (nodes) to be authenticated.
How can I test macmon?
You have several options for working with macmon. The virtual appliance can be quickly integrated with VMWare or HyperV and can be used directly. Alternatively, you can obtain a machine from us or your system vendor. You can obtain the necessary trial license also directly from your partner or from us.
Where can I purchase macmon?
macmon is sold only indirectly across the world. This means that the solution cannot be purchased directly from macmon secure GmbH, but through one of our partners, who also provide support for testing, licensing and implementing the solution. As a partner you can purchase our products and services through our Value Added Distributor.
How can I get support whenever I need help?
You always have at least two options when you need help and support. The sales partner, through whom you purchased macmon, provides support and already knows your environment. In addition, you always have the option to contact us directly. Our support team is based in Berlin and can be reached by phone and email during our business hours.
Is macmon NAC a secure investment equipped for the future?
The team of German developers based in Berlin is constantly expanding macmon and creating new possibilities. New standards, new research results, etc. are continuously and as promptly as possible incorporated into the further development of the software. In addition, integrations with products from other vendors are constantly being created, which allows a powerful integration with the existing environment.
Which operating systems does macmon support?
macmon is available as a physical and virtual appliance for VMware and HyperV. Hence, you do not need to provide or maintain any operating system from your side. The operating systems of the systems to be authenticated do not matter, because our technologies are based on underlying industry standards and macmon also works without an agent.
Is macmon also suitable for small companies?
For smaller companies, macmon offers the NAC smart solution which is available as a complete turnkey package including the implementation.
We want to monitor our LAN and WLAN infrastructure, is that possible with macmon?
Beyond the NAC features—and usually even before using NAC—this is one of the core functionalities of macmon. Monitoring can be done for the whole network or just parts of it, resulting in alarms or logs, or even passing the data to a SIEM solution.
We want to segment our network, how can I use macmon for that?
Dynamic VLAN management is not only suitable for automating existing VLAN concepts, but also for introducing new concepts. By simply categorizing the endpoints on the macmon WebGUI, the VLAN can be assigned automatically.
Can I also manage my inventory with macmon?
Due to the continuous overview of the network, macmon also has an up-to-date status of the existing devices. The systems can be complemented with additional information to manage them directly in macmon, or they can be easily synchronized by linking them to another asset management system, which can provide a solid upgrade to an existing inventory solution.
What analysis and reporting options does macmon offer?
The WebGUI of macmon NAC offers comprehensive system reports on endpoints, network devices, interfaces, VLANs, authentications, monitoring data and events. In addition, custom reports can be created and all information can also be retrieved via the REST API.
Can I also see with macmon what has happened in the past?
The specially created module Past Viewer offers the possibility to store connection data in a separate database for a long time. This way forensic analyses can be made at any time, but also impact analyses for planned maintenance work on the network are of enormous help.
We are a very large company and our locations are spread all over the world. How can I centrally monitor and protect my corporate network with macmon?
The scalable architecture of macmon NAC offers the possibility to operate and centrally manage a whole group of servers instead of just one central server. Thus, high-availability concepts for effective NAC strategies can be implemented. The performance of macmon NAC can be expanded in parallel but also by resources within a central system in such a way that distributed structures can also be covered by a single system. The optimal strategy depends on your expectations and goals and we will be happy to discuss it with you personally.
I don't have the resources to run a NAC solution—can it be operated by a partner or directly by macmon?
Yes, macmon secure offers Network Access Control as a service for this purpose, whereby the service is provided by certified and experienced Managed Service Providers (MSPs). macmon provides various supporting tools and assistance, so that MSPs can offer a high level of service.