ExtremeControl

 Switch Management Access using NAC Rules all AD User can authentificat

Jump to Best Answer
DeoHeo's profile image
DeoHeo posted 08-30-2021 16:15

 

Hello community,

I am a little confused about the following issue:

I configured the switch management access using the following older guide (I can't find a newer one):

https://extremeportal.force.com/ExtrArticleDetail?an=000081977&q=How-to-configure-NAC-to-handle-Management-Access-from-Switches

Then I access the switch (X440-G2-24p-10G4 EXOS 30.2.1.8) with the allowed user. I get the correct permissions and everything is fine. Then I tested a user who has no permission and he can access the switch. It is true that he can only set show commands, but I think this is not the right behavior, or is it?

Troubleshooting:

  • the login gets the correct policy
  • everything is forced
  • i have reset the switch
  • i changed the ldap configuration in several ways
  • I changed the management access to user defined and tested a number of

Configuration:

 

Stefan K.'s profile image
Stefan K.

Can you change the profile of the second rule to something that rejects the auth request and test again?

 

DeoHeo's profile image
DeoHeo

One could also say: Read the fucking manuel (Step 12).
 

Thanks for the help.