You can modify the LAN Enforcer settings in the Symantec Endpoint Protection Manager console. The Enforcer must be installed and connected to the Symantec Endpoint Protection Manager before you can configure it to enforce Host Integrity policies on the client.
You can configure the following options for the LAN Enforcer:
Define the Enforcer group description, listen port, and management server list.
Configure the RADIUS server Group. You configure the host name or IP address, authentication port, timeout, shared secret, and number of retransmits. If you configure multiple servers in the group and one goes down, the LAN Enforcer connects to the next server in the list.
Configure a switch or group of switches.
Settings for enabling logging and specifying log file parameters.
Enable and disable local authentication and legacy clients.
Configure the LAN Enforcer working as an NTP client.
If a setting refers to an 802.1x-aware switch, the same instructions apply to configuring wireless access points.