https://community.extremenetworks.com/t5/extremewireless-general/delay-in-nac-reject-notification/m-p/75323#M2631 <P>Hello Peter,</P> <P>&nbsp;</P> <P>I’m thinking out loud right now and what you could try with (when it’s possible I’d love to try this out in my environment as well):</P> <P><SPAN>​</SPAN>- email digest (Consolidate Email option under Administration &gt; Options &gt; Alarm) so that alarms are e-mailed not as they appear but e.g. every 5 minutes; plus NAC engine notification about State Accept or State Changed that triggers a log message, which is then taken as an alarm criteria for an alarm that takes no action, but is a clearing condition for auth reject alarm you already have; sounds like a lot of steps,</P> <P>- a scheduled workflow or a python script that grabs rejected end-systems and looks them up individually again after few minutes, raises an alarm only if nothing got better; might be more elegant but I’ve no idea how that gonna scale with loads of end-systems and low intervals.</P> <P>These are just my quick thoughts, what do you think?</P> <P>I didn’t encounter such requirement before but indeed sounds like a nice to have feature when you need to get alarms on every authentication failure that occured.</P> <P>&nbsp;</P> <P>Hope that helps,</P> <P>Tomasz</P> Fri, 22 May 2020 18:50:42 GMT Tomasz 2020-05-22T18:50:42Z https://community.extremenetworks.com/t5/extremewireless-general/delay-in-nac-reject-notification/m-p/75322#M2630 <P>Hello,</P> <P>I’m looking for a solution to have a e-mail notification, when endsystems hit reject rule, but with a kind of delay.</P> <P>NAC catchall rule is configured for reject. For reject events, a alarm is configured with action e-mail.</P> <P>Windows Clients running 802.1X (EAP-TLS).</P> <P>As 802.1X supplicant starts when windows is started, the switch is doing a mac-auth, in pre-windows-start-time, which hits the catch-all (reject) rule.</P> <P>This results in a lot of false-positive alarms, because a few seconds or minutes later (depending on system boot time and speed) the system is authenticated correctly via&nbsp;802.1X.</P> <P>Is there a way to create a double check or a time-delay or something in this way that the alarm is only set, when reject status occurs over 1 minute or so?</P> Fri, 22 May 2020 14:12:06 GMT https://community.extremenetworks.com/t5/extremewireless-general/delay-in-nac-reject-notification/m-p/75322#M2630 PeterK 2020-05-22T14:12:06Z https://community.extremenetworks.com/t5/extremewireless-general/delay-in-nac-reject-notification/m-p/75323#M2631 <P>Hello Peter,</P> <P>&nbsp;</P> <P>I’m thinking out loud right now and what you could try with (when it’s possible I’d love to try this out in my environment as well):</P> <P><SPAN>​</SPAN>- email digest (Consolidate Email option under Administration &gt; Options &gt; Alarm) so that alarms are e-mailed not as they appear but e.g. every 5 minutes; plus NAC engine notification about State Accept or State Changed that triggers a log message, which is then taken as an alarm criteria for an alarm that takes no action, but is a clearing condition for auth reject alarm you already have; sounds like a lot of steps,</P> <P>- a scheduled workflow or a python script that grabs rejected end-systems and looks them up individually again after few minutes, raises an alarm only if nothing got better; might be more elegant but I’ve no idea how that gonna scale with loads of end-systems and low intervals.</P> <P>These are just my quick thoughts, what do you think?</P> <P>I didn’t encounter such requirement before but indeed sounds like a nice to have feature when you need to get alarms on every authentication failure that occured.</P> <P>&nbsp;</P> <P>Hope that helps,</P> <P>Tomasz</P> Fri, 22 May 2020 18:50:42 GMT https://community.extremenetworks.com/t5/extremewireless-general/delay-in-nac-reject-notification/m-p/75323#M2631 Tomasz 2020-05-22T18:50:42Z