ExtremeCloud IQ- Site Engine & Extreme Management Center

Script to auto add MAC's to a End system group in NAC

  • 1.  Script to auto add MAC's to a End system group in NAC

    Posted 07-16-2018 08:39
    Hi Community

    Thought I would ask here before I try to reinvent the wheel.

    We have deployed a NAC at a corporate client.
    Different policies are applied to the clients based on various End system Groups.

    The problem the client has is that currently they are manually adding clients to end system groups.
    They are looking to automate this process by having something like a central Excel sheet with a list of all the MACs, and having this imported to the NAC end system groups automatically.
    New MACs can just be added to the Excel sheet by a non-technical person and then place the user in the correct end system group.

    Using the XMS connect module with web service this can be done, but programming is not my strong point :0....

    Has anybody out there done something like this that you can share with me?


  • 2.  RE: Script to auto add MAC's to a End system group in NAC

    Posted 07-16-2018 09:09
    Hi Andre,

    The XMC API provides you with the functionality you are looking for. If you want to pull the data from an Excel sheet, I'm assuming you are planning to build a script for the Windows platform!?

    My suggestion then would be to either use PowerShell (advantage: nothing else to install on your Windows machine) or something like Python (you will need to install the scripting environment for it).


  • 3.  RE: Script to auto add MAC's to a End system group in NAC

    Posted 07-16-2018 15:15
    Hi Andre.

    Another option is to use the Extreme Connect module called Distributed IPS to fill the end-system table based on syslog.

    If you do not like scripting at all:
    1. Enable and configure Distributed IPS: under what conditions to fill what end-system table.
    2. Connect to the XMC by SSH (or any Linux machine) and you can use the command logger to send a syslog message to XMC.

    logger Please add Printer MAC: 00:11:22:33:44:55

    will result in the following in the syslog:

    <5>Jul 16 19:10:27 XMC(127.0.0.1) root: Please add Printer MAC: 00:11:22:33:44:55

    Regarding the IPS module configuration, you can take inspiration from GitHub: https://github.com/extremenetworks/Integrations/blob/master/SonicWall/dips/README.md
    and https://github.com/extremenetworks/Integrations/blob/master/Infoblox/dips/README.md

    For the example above the regex will be
    Please.add.Printer.MAC:.$threatMacAddress

    good luck


  • 4.  RE: Script to auto add MAC's to a End system group in NAC

    Posted 07-16-2018 15:58
    Hello Andre,

    If you are not familiar with programming, there is a third, quite easy way to add your end systems.
    You can use the NAC Request Tool (available for Linux and Windows). With the NAC Request Tool you can add end systems in the CSV format.

    You will find the tool in the download section for XMC and a PDF manual in documentation section.
    You will find a lot of examples, too.

    Best regards
    Stephan
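
Whichever import path from the replies is used, the sheet decides which policy a device gets, so it is worth validating before anything is sent to the NAC. The following is an added example, not code from any poster or from Extreme's tooling: it normalizes MACs, rejects malformed or multicast addresses and conflicting group assignments, and builds messages in the style of reply 3. The column names `mac` and `group`, the function names, the sample rows, and the use of the group name in the message (which would need a matching Distributed IPS rule per group) are assumptions.

```python
import csv
import io
import re

# Constructed sample of the sheet exported as CSV; column names are assumptions.
SAMPLE_CSV = """mac,group
00:11:22:33:44:55,Printer
00-11-22-33-44-66,Printer
0011.2233.4477,Phone
00:11:22:33:44:55,Phone
01:00:5e:00:00:01,Printer
00:11:22:33:44,Printer
"""


def normalize_mac(raw):
    """Return the MAC as aa:bb:cc:dd:ee:ff, or None if it must not be imported."""
    digits = re.sub(r"[:.\-\s]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits) or digits == "0" * 12:
        return None  # wrong length, non-hex characters, or all zeros
    if int(digits[:2], 16) & 1:
        return None  # multicast/broadcast bit set: never a single end system
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def validate_sheet(text):
    """Return ({mac: group} safe to import, [(csv_line, reason)] rejected)."""
    accepted, rejected = {}, []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        mac = normalize_mac(row.get("mac") or "")
        group = (row.get("group") or "").strip()
        if mac is None:
            rejected.append((line_no, "invalid MAC"))
        elif not re.fullmatch(r"[A-Za-z0-9 _-]+", group):
            rejected.append((line_no, "invalid group name"))
        elif accepted.get(mac, group) != group:
            rejected.append((line_no, "MAC already assigned to " + accepted[mac]))
        else:
            accepted[mac] = group
    return accepted, rejected


def logger_messages(accepted):
    """Messages in the style of reply 3 ('Please add Printer MAC: ...')."""
    return ["Please add %s MAC: %s" % (g, m) for m, g in sorted(accepted.items())]
```

Rejected rows go back to whoever maintains the sheet rather than being silently dropped, so a typo cannot leave a device without its intended group.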