NAC device into learning mode?


Hi all! I heard that you can put your NAC device into learning mode to get an idea of what comes onto the network, but I am unsure how to do this. I would like to do this in my lab environment to see how it works. Can anyone give me instructions?

4 replies

Userlevel 2
We do this the following way. We activate MAC Auth on all ports via Policy Manager and create a rule "Allow All". In NAC we create a Profile with a Response of this Policy "Allow All". Then we create a rule and put in this Profile. So you can see all clients behind your switch ports, and in the first step they will be allowed to connect. In other steps you can create End-System Groups and other criteria and do an authentication.
Userlevel 6
In rules, use the pass-through NAC Profile.
Userlevel 7
You should also forward the client DHCP requests to the NAC, as those messages are needed for fingerprinting.

-Ron
Thanks for the response, Nico. I have never used Policy Manager. Any chance you could walk me through how you activate MAC auth & create the allow all rule? Thanks
