Question

NAC Automation

  • 21 October 2020
  • 1 reply
  • 51 views

Userlevel 1

Hello

I’m on a NAC Project with about 400-500 NAC Rules.  To configure all of them manually it’s a real pain. What possibilities of automation are available? 

Following tasks I’d like to automate:

  • vlan creation
  • Create NAC Rules
  • Create NAC Profile and assigns accespt Policy

 

For the following Tasks I found a solution for automation:

  • location Groups => can be done via CSV import
  • End System Groups => can be done via CSV import
  • Policy Mapping => Can be imported from CSV via legacy 

 

Unfortunately, the API does not support a lot of configuration Tasks. Does anyone have an idea if there is another way to automate this steps?

 

best regards
Michael


1 reply

Userlevel 6
Badge +1

Michael,

 

The only option available is createGroupRuleProfilePolicy but is is quite limited in flexibility.

Here the code from XMC_NBI:

def createGroupRuleProfilePolicy(self, group_name: str, vlanId: int, vlanName: str, cfgDomain: str = 'Default'):
'''create NAC group, rule, profile, policy'''

query = '''
mutation {
accessControl {
createDCMVirtualAndPhysicalNetwork(input: {
vlanName: "<VLAN-NAME>"
primaryVlanId: <VLAN-ID>
name: "<GROUP>"
nacConfig: "<CONFIG-DOMAIN>"
}) {
status
message
}
}
}

 

Mig

Reply