How to restrict access to particular NAC gateways/switches/end systems?


We have NMS installed in HQ and NAC Gateways across the network in different locations. There are some local administrators, and we want them to have access to NAC Manager to see and manage local users (from local switches). Is there any possibility to differentiate NAC Administrators so that they have access only to particular switches and the end users authenticated on those switches?

5 replies

Userlevel 7
No, that isn't possible.

Netsight only allows restricting admin users to certain features of Netsight.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-setup-and-Use-Netsight-Authorizatio...

-Ron
That is something that we are already using. So there is no way to achieve the goals that we need?
Userlevel 7
No, I don't see any functions that restrict access to certain resources (switches, NAC, ...).
Userlevel 2
I am sorry, but for sure this IS possible. It depends on what you really need to do on the switches. You can create "Zones"; those Zones you have to assign to end-system-groups, and with the webview you can arrange that each local admin is only able to see and manage the MAC addresses he should be able to. We have done this concept with my biggest customer. But we did not give them access to the switches; they don't need this. You only have to create an end-system-group / rule you can put on specific ports when they have to install new (unknown) clients/MAC addresses. With this they are able to see the new MAC addresses, and so they can move them to their own managed zones / end-system-groups.

Userlevel 2
We have also restricted the "OneView" settings for each user. These users are not able to log in to the Netsight Server directly; they only have access via OneView. And there it is restricted which End-System-Groups they can see and manage.
