I can use your advice or help.
When we run a Qualys scan, it produces random MAC addresses and tries "logging" into some of the appliances for vulnerability testing.
This starts chewing up a chunk of our NAC licenses.
Is there a way to exclude the Qualys scanner IPs or MAC from the NAC so as to not occupy NAC licenses and keep things clean in general?
Any advice or assistance is greatly appreciated!
Best answer by Tomasz
If we are talking about EXOS switches (are we?) the authentication is enabled globally and then you select ports in which you want to authenticate connected devices.
I don't see right now a way to use authentication with Extreme Access Control and not have an end-system in the cache that is used to calculate license usage. You can just 'exclude' ports on which the appliance is connected, by disabling authentication on these ports (or doing 'auth-override' to have just one MAC address authenticated, in the end-system table and consuming end-system license).
Hope that helps,