Is there a way to setup a alarm in nac when a user has reached there "Maximum Registered Devices in nac?"

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Is there a way to setup a alarm in nac when a user has reached there "Maximum Registered Devices in nac?" We currently have it set at 5 and some staff are starting to hit the limit. It would be nice to get a email saying they hit the limit and a list of what Devices.

Also another nac question is there a good way to deny certain accounts that are in AD but having a message on the nac portal saying that they could not authenticate with that account on the wireless?

Thanks. :)
Photo of Evan Kuckelheim

Evan Kuckelheim

  • 678 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Mike Thomas

Mike Thomas, Employee - GTAC - NMS

  • 7,640 Points 5k badge 2x thumb
Hello Evan,
Sorry for the delay. There may be a way to do this. Can you tell me when this happens if you see this occurring in NAC Manager?
Photo of Keene, Scott

Keene, Scott, Employee NMS/GTAC

  • 1,462 Points 1k badge 2x thumb
Hello,

I don’t think we have a “NAC Notification” for this from the NAC Notification Engine (launched via Bell icon at the top menu area in NAC Manager).  However, if NAC Manager generates a log event when a user tries to register another device over the max allowed limit, then it’s possible NetSight can send an alarm using “match text” criteria and NetSight's Alarm and Events Manager.

If you do see the message in the log, you should open a case with GTAC for assistance with configuring Alarms and Events.

Regarding the AD question, NAC will send all LDAP login queries to the AD that you configured in your NAC's LDAP Config. If the AD responds such that credentials do not match, NAC will reflect that with an "invalid username and password" error.  I'm not sure what you mean by "a good way to deny certain accounts that are in AD".  NAC will send queries to the AD per the User Search Root path in your LDAP Config.  If the user is not a member of that path, the AD will Reject user and should also result in a username / password error.

Scott Keene,
Extreme GTAC