we have one customer that does 802.1x Authentication (EAP-TLS) in his networks using ExtremeControl and Summit switches. Everything is working fine so far.He has the request that clients that have been out of the office (aka not seen in NAC) for longer than 14 days are put into quarantine even though they have a corect cert on their machine.
Basically: I need to find a way to put these computers into a NAC end-system group automatically.
Do you guys think that there is a way to do achieve this? I’m not very firm with Extreme API. Do you maybe have even simplier ideas on how to set this up (or something similar)?
Thanks and best regardsStefan
If you aren’t ok with the API’s, you could look at the NAC request tool to script this.
I think the API is the best way.
But for the sake of completeness you could of course also use the "Age End-Systems Older Than" and delete the client from groups after 14 days (but not add it to a group as you wish). (The settings can be found under Administration->Options->Access Control->Data Persistence).
Will take a look at this!
Ah, so this would be like the other way round… Sounds quick and dirty. Will definitely keep this in mind.
Thank you guys for your first input! :-)
Contact Us:Sam PirokCommunity@extremenetworks.com