This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Script to auto add MAC's to a End system group in NAC

Script to auto add MAC's to a End system group in NAC

Andre_Brits_Kan
Contributor II

‎07-16-2018 08:39 AM

Hi Community

Thought I will ask here before I try and re invent the wheel.

We have deployed a NAC at a corporate client.
Different policies is applied to the clients based on various End system Groups.

The problem the client has is that currently they are manually adding clients to end system groups.
They are looking for automating this process by having something like a central Excel sheet with a list of all the MAC, and having this imported to the NAC end system groups automatically.
New Mac's can just be added to the excel sheet by a non technical person and then place the user in the correct end system group.

Using the XMS connect module with web service this can be done, but programming is not my strong point :0....

Anybody out their done something like this that you can share with me.
3 REPLIES 3

StephanH
Valued Contributor III

‎07-16-2018 03:58 PM

Hello Andre,

if you a not familiar with programming, there is a third quite easy way to add your end systems.
You can use the NAC Request Tool (available for Linux and Windows). With the NAC Request Tool you can add endsystems in the CSV format.

You will find the tool in the download section for XMC and a PDF manual in documentation section.
You will find a lot of examples, too.

Best regards
Stephan
Regards Stephan
0 Kudos

Zdeněk_Pala
Extreme Employee

‎07-16-2018 03:15 PM

Hi Andre.

Another option is to use Extreme Connect module called Distributed IPS to fill the endsystem table based on syslog.

if you do not like scripting at all:
1. enable and configure distriubted IPS under what conditions to fill what end-system table
2. connect to the XMC by SSH (or any linux machine) and you can use command logger to send syslog message to XMC.

logger Please add Printer MAC: 00:11:22:33:44:55will have result in the syslog:
<5>Jul 16 19:10:27 XMC(127.0.0.1) root: Please add Printer MAC: 00:11:22:33:44:55
Regarding the IPS module configuration you can take inspiration from GitHub = https://github.com/extremenetworks/Integrations/blob/master/SonicWall/dips/README.md
and https://github.com/extremenetworks/Integrations/blob/master/Infoblox/dips/README.md

for the example above the regex will be
Please.add.Printer.MAC:.$threatMacAddress

good luck
Regards Zdeněk Pala
0 Kudos

Kurt_Semba
Extreme Employee

‎07-16-2018 09:09 AM

Hi Andre,

the XMC API provides you with the functionality you are looking for. If you want to pull the data from an Excel sheet I'm assuming you are planning to build a script for the Windows platform!?

My suggestion then would be to either use Powershell (advantage: nothing else to install on your Windows machine) or something like Python (you will need to install the scripting environment for it).
0 Kudos
GTM-P2G8KFN