NAC Zones - design question

mp2014
New Contributor II
Hi,

I want to set up NAC Zones, with locations/switches being the selector. I've got about 20 locations to reflect in Zones, and about 20 different end-system classifications across all locations. Because the Zones are applied by NAC rules only, this would result in a very questionable amount of NAC rules. Is there any other way to use zones just by switch location?

mp2014
New Contributor II
The only purpose for this is to make local end systems visible to local admins (admins of the end systems, not networking) via OneView. All real network administration tasks are done by central IT department admins.

Rainer_Adam
New Contributor III
But what should these managers have to do? Allow "unknown" MAC addresses? What's the reason for you to involve them in this job? For me there is something missing for a full understanding.

Rainer_Adam
New Contributor III
The point is that the Zones only work with end-system-groups. So therefore you have to create end-system-groups based on your switch locations. You can easily get these MAC addresses from the NAC Manager by using a filter on the switch IP, then export them and import the MAC addresses into each end-system-group.

Best if you choose names that are likely for your switches.

Create your zone managers in the Zone management and then you have to edit your current rule matrix entries and add the correct zone to each "manager" (=user).

The "managers" should now be able to add a user to his end-system-group if a client connects to his switch based on the entry in the rule matrix line for this.

Rainer_Adam
New Contributor III
I am sorry, I deleted my last answer to you; I was wrong.

Do you have moving users who on some days are connected to switch A and on other days to switch B, or are the users static to their switches?
