We’re far away from defining the Policy and Authentication parts of a design.
Have deployed a Trial of XMC, Analytics, FabricManager and Control v188.8.131.52 in a VSP/ERS Campus Fabric environment.
We want to enable Control to gain visibility of connected wired devices, but NOT interfere with their operation.
Is there a guide for how to set up such a “monitor-only” scenario?
Best answer by Miguel-Angel RODRIGUEZ-GARCIA
You must “interfere” a little bit to gain visibility.
You’ll have to enable eapol on the ports and make a rule that allows anything to gain access to the network.
You’ll then receive all the info into the NAC engines.
It is difficult to dump a guide here in the forum as there are many steps, but basically:
- Set your XMC with all the ERS (and other switches)
  - with SNMP and CLI access from XMC
- Set your NAC infra
  - define a catch-all rule with an accept any rule
- Set your ERS
  - define the RADIUS servers
  - set the EAPOL setting
I can provide some dumps of commands for the ERS if needed.
For the other steps, it should all be described in the user guide.
Let me know if there are blocking points.