Our real case scenario is that we are authenticating clients by MAC Address, mostly Virtual Machines from any developer working for a project period within that network.
Therefore an additionally NAC rule criteria for an end system group should be an expiration date. In other words a certain VM´s MAC address should be rejected by NAC after reaching a particular date and time.
For example a client authentication is valid/accepted through to 2019-12-31 and after that particular date the VM´s MAC authentication will be rejected. This is unfortunately not working by Time Groups.
As workaround the operator manually moves the end-systems MAC to group quarantine after valid date is reached.
One idea is to use NAC Request Tool for adding and deleting end-systems, but how to automate/schedule this. The end-system MAC addresses are listed in a SQL database by invalid date.
Any idea how to get it?