Exclude the switch from NAC temporary

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hello,

I have an extreme NAC solution running. For maintenance reason, I would like to exclude a switch temporary from NAC. So after excluding, the NAC should answer all NetLogin events from this switch with an ACCEPT packet.

My idea was to great a device group in the netsight called "unmonitored" and add this switch temporary to this group. I would then create a NAC rule at the top which check, if the switch is in this device group or not.
But, I can't create a NAC rule which checks the device group. 

Is there another way to do this? Or do I it wrong?

Thank you, best regards
Yves
Photo of Yves Haslimann

Yves Haslimann

  • 898 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 47,526 Points 20k badge 2x thumb
Hi Yves, that should work, below a example.
Make sure that the rule is above all other custom rules so it's checked first.
Add the switches to the location group.

-Ron

Photo of Yves Haslimann

Yves Haslimann

  • 898 Points 500 badge 2x thumb
Hi Ron, thanks for your answer. I know that I could do it this way. But my goal is, that a supporter can add the switch to a device groupt in the oneview.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 47,526 Points 20k badge 2x thumb
You'd also configure/add it via EMC/Control...

Photo of Yves Haslimann

Yves Haslimann

  • 898 Points 500 badge 2x thumb
Hi Ron,

yes I guess it's the only way to add the switch IP static to a location group.
Thank you anyway for your feedback.

Yves