I have a client with EOS switches that uses MAC-To-Role Mapping from Policy Manager to allow certain devices to access the network with a different policy than the default when comunication between the switch and the NAC is interrupted.
In EXOS, I can not do that, only VLAN to Role mapping works (not Mac to role or IP to role).
The client is security-concious and is concerned that in remote offices, if the NAC is not available, everyone can get in. They want to still be able to apply certain security to certain devices.
Is there a different method to make sure a local (inside the switch) autentication happens only if the NAC is not available for auhentication?