Feature Request: NAC Rule Grouping, Rule Description

  • 11 March 2015

Userlevel 3
Hi folks,

The NAC rules are getting confusing. It would be great if there were a possibility to group some rules, e.g. Wireless Authentication.

Another great thing would be a column for description.

A very good example for great rule ordering is Check Point (See Demo picture below).



What do you think about this?

Best Regards
Michael

6 replies

Userlevel 6
Same need for my customers!!

NAC needs Rule Grouping, Rule Description - Checkpoint GUI is a great template!
Userlevel 3
I have worked for more than 16 years now with Cabletron/Enterasys devices, but overall, they NEVER created such a stable thing as their NAC system. If there is something wrong, it is your fault. If NAC is configured properly, it works all the time, all the years....

Hi Rainer,

I totally agree with you that NAC is a very powerful and robust product. But to be honest, even NAC has bugs sometimes 😉 - lucky you if you did not run into one so far.

But nevertheless - why should Extreme stop improving their already great product? This is just a feature request.

Regards
Michael
Userlevel 2
I have worked for more than 16 years now with Cabletron/Enterasys devices, but overall, they NEVER created such a stable thing as their NAC system. If there is something wrong, it is your fault. If NAC is configured properly, it works all the time, all the years....
Userlevel 2
It depends on what the customer wants to do. My customer's NAC has more than 750 rule matrix lines, wireless is one of these. You could authenticate on the "Switchport" where the user enters the LAN; in case of Wireless this is the WLAN Controller.

With NAC you have so many possibilities, especially also for NAC where you can easily create a location binding (some users are only allowed on specified access points at a pre-defined time) and much much more.

Combine all the information you get from Netsight and NAC to make it secure. If you know that a printer will never come up as a Windows machine, deny it. We also have for some special SSIDs a "whitelist" where we define what End-System-Group is able to access this SSID (reverse blacklist)....
Userlevel 2
I think that is a great idea !!!

The NAC installations that I've done so far were easy and used mainly a small rule set - even then it's kind of confusing.
I can't imagine a rule set with 100+ lines.....
My customer's NAC has more than 750 rule matrix lines, so no need to panic. It works great (currently with LPAs and 2 HPAs) (they will be changed in the next 2 months because of the "end of life" of the LPAs). They never have more than 5% CPU load on the LPAs with more than 4000 users.
Userlevel 7
I think that is a great idea !!!

The NAC installations that I've done so far were easy and used mainly a small rule set - even then it's kind of confusing.
I can't imagine a rule set with 100+ lines.....
