
Script to auto-add MACs to an End System group in NAC


Userlevel 5
Hi Community

Thought I would ask here before I try to reinvent the wheel.

We have deployed a NAC at a corporate client.
Different policies are applied to the clients based on various End System groups.

The problem the client has is that currently they are manually adding clients to end system groups.
They are looking to automate this process by having something like a central Excel sheet with a list of all the MACs, and having this imported to the NAC end system groups automatically.
New MACs can just be added to the Excel sheet by a non-technical person, and this would then place the user in the correct end system group.

Using the XMS connect module with web service this can be done, but programming is not my strong point :0....

Has anybody out there done something like this that you can share with me?

3 replies

Userlevel 3
Hi Andre,

The XMC API provides you with the functionality you are looking for. If you want to pull the data from an Excel sheet I'm assuming you are planning to build a script for the Windows platform!?

My suggestion then would be to either use PowerShell (advantage: nothing else to install on your Windows machine) or something like Python (you will need to install the scripting environment for it).
Userlevel 6
Hi Andre.

Another option is to use the Extreme Connect module called Distributed IPS to fill the end-system table based on syslog.

If you do not like scripting at all:
1. Enable and configure Distributed IPS with the conditions under which to fill which end-system table.
2. Connect to the XMC by SSH (or any Linux machine) and use the logger command to send a syslog message to the XMC.

logger Please add Printer MAC: 00:11:22:33:44:55

will result in the syslog:

<5>Jul 16 19:10:27 XMC(127.0.0.1) root: Please add Printer MAC: 00:11:22:33:44:55

Regarding the IPS module configuration you can take inspiration from GitHub: https://github.com/extremenetworks/Integrations/blob/master/SonicWall/dips/README.md
and https://github.com/extremenetworks/Integrations/blob/master/Infoblox/dips/README.md

For the example above the regex will be:
Please.add.Printer.MAC:.$threatMacAddress

Good luck
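
One way to drive the logger approach above from a sheet exported as CSV, as an added example (not code from this thread or from Extreme Networks). It validates each cell before it can influence a NAC group. The column names `mac` and `group`, the group allowlist, and the MAC pattern standing in for `$threatMacAddress` are assumptions.

```python
import csv, io, re

# Constructed sample sheet exported as CSV; the column names are assumptions.
SAMPLE_CSV = """mac,group
00:11:22:33:44:55,Printer
00-11-22-AA-BB-CC,Printer
0011.22aa.bbcc,Printer
01:00:5e:00:00:01,Printer
00:11:22:33:44:55; reboot,Printer
00:11:22:33:44:66,Admins
"""

ALLOWED_GROUPS = {"Printer"}  # only groups that have a Distributed IPS rule
# Regex from the post, with $threatMacAddress replaced by a MAC pattern (assumption).
DIPS_REGEX = re.compile(r"Please.add.Printer.MAC:.((?:[0-9A-F]{2}:){5}[0-9A-F]{2})$")
MAC_FORMS = re.compile(r"[0-9A-Fa-f]{2}(?:[:-]?[0-9A-Fa-f]{2}){5}"
                       r"|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}")

def normalize_mac(raw):
    """Return AA:BB:CC:DD:EE:FF, or None if raw is not a unicast MAC."""
    text = raw.strip()
    if not MAC_FORMS.fullmatch(text):
        return None
    digits = re.sub(r"[:.\-]", "", text).upper()
    if int(digits[:2], 16) & 1:  # group bit set: multicast or broadcast
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_logger_commands(csv_text):
    """Return (argv lists, rejected rows) for a sheet exported as CSV."""
    commands, rejected = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = normalize_mac(row.get("mac") or "")
        group = (row.get("group") or "").strip()
        message = f"Please add {group} MAC: {mac}"
        # Reject bad MACs, unknown groups and anything the rule would not match.
        if (mac is None or group not in ALLOWED_GROUPS
                or not DIPS_REGEX.search(message)):
            rejected.append(row)
            continue
        # argv list, run without a shell, so cell text is never parsed as a command
        commands.setdefault(mac, ["logger", message])  # first row per MAC wins
    return list(commands.values()), rejected

if __name__ == "__main__":
    cmds, bad = build_logger_commands(SAMPLE_CSV)
    for argv in cmds:
        print(" ".join(argv))  # on the XMC host: subprocess.run(argv, check=True)
    print(f"{len(bad)} row(s) rejected for manual review")
```

Rejected rows are returned rather than dropped silently, so whoever maintains the sheet can review them before anything reaches the end-system group.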
Userlevel 5
Hello Andre,

If you are not familiar with programming, there is a third, quite easy way to add your end systems.
You can use the NAC Request Tool (available for Linux and Windows). With the NAC Request Tool you can add endsystems in the CSV format.

You will find the tool in the download section for XMC and a PDF manual in the documentation section.
You will find a lot of examples, too.

Best regards
Stephan
