I'm looking for a solution to get an e-mail notification when end systems hit the reject rule, but with a kind of delay.
The NAC catch-all rule is configured for reject. For reject events, an alarm is configured with the action e-mail.
Windows clients are running 802.1X (EAP-TLS).
As the 802.1X supplicant starts when Windows is started, the switch does a MAC-auth in the time before Windows starts, which hits the catch-all (reject) rule.
This results in a lot of false-positive alarms, because a few seconds or minutes later (depending on system boot time and speed) the system is authenticated correctly via 802.1X.
Is there a way to create a double check or a time delay or something like that, so that the alarm is only set when the reject status lasts for over 1 minute or so?
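
The delay asked about above can be expressed as hold-down logic on the side that receives the events. This is an added example, not part of the original post and not a feature of any NAC product; the event fields, the 60-second hold and the sample MAC addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

HOLD_SECONDS = 60  # assumed grace period ("1 minute or so" in the post)

@dataclass(frozen=True)
class AuthEvent:          # hypothetical event shape, not a product format
    ts: int               # seconds since an arbitrary start
    mac: str
    method: str           # "mac-auth" or "802.1X"
    state: str            # "reject" or "accept"

def delayed_reject_alarms(events, now, hold=HOLD_SECONDS):
    """Return (mac, first_reject_ts) for rejects that lasted >= hold seconds
    without an accept for the same MAC in between."""
    pending = {}      # mac -> timestamp of first reject in the current episode
    alarmed = set()   # MACs already reported for the current episode
    alarms = []

    def flush(until):
        # Raise an alarm for every pending reject that is old enough by `until`.
        for mac, first in sorted(pending.items()):
            if mac not in alarmed and until - first >= hold:
                alarmed.add(mac)
                alarms.append((mac, first))

    for ev in sorted(events, key=lambda e: e.ts):
        flush(ev.ts)
        if ev.state == "accept":
            # 802.1X (or any) success ends the episode: the early reject was noise.
            pending.pop(ev.mac, None)
            alarmed.discard(ev.mac)
        elif ev.state == "reject":
            # Repeated rejects keep the original start time.
            pending.setdefault(ev.mac, ev.ts)
    flush(now)
    return alarms

# Constructed sample: :01 boots and passes 802.1X after 25 s, :02 is never
# accepted, :03 was rejected only 20 s before "now".
SAMPLE = [
    AuthEvent(0,   "00:00:5e:00:53:01", "mac-auth", "reject"),
    AuthEvent(5,   "00:00:5e:00:53:02", "mac-auth", "reject"),
    AuthEvent(25,  "00:00:5e:00:53:01", "802.1X",   "accept"),
    AuthEvent(40,  "00:00:5e:00:53:02", "mac-auth", "reject"),
    AuthEvent(100, "00:00:5e:00:53:03", "mac-auth", "reject"),
]

if __name__ == "__main__":
    print(delayed_reject_alarms(SAMPLE, now=120))
```

Only the end system that stays rejected past the hold time is reported; the client that completes 802.1X within the hold time produces no alarm.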