NAC Zones - design question
‎10-02-2015 04:19 AM
Hi,
I wanna set up NAC Zones, locations/switches being the selector. Got about 20 locations to reflect in Zones, and about 20 for different end-system classifications across all locations. Because the Zones are applied by NAC rules only, this would result in a very questionable amount of NAC rules. Is there any other way to use zones just by switch location?
12 REPLIES
‎03-11-2016 01:14 PM
The only purpose for this is to make local end systems visible to local admins (admins of the end systems, not networking) via OneView. All real network administration tasks are done by central IT department admins.
‎03-11-2016 12:16 PM
But what should these managers have to do? Allow "unknown" MAC addresses? What's the reason for you to involve them in this job? For me there is something missing for a full understanding.
‎03-11-2016 11:36 AM
The point is that the Zones only work with end-system-groups. Therefore you have to create end-system-groups based on your switch locations. You can easily get these MAC addresses from the NAC Manager by using a filter on the switch IP, then export them and import the MAC addresses into each end-system-group.
Best if you choose names that are likely for your switches.
Create your zone managers in the Zone management and then you have to edit your current rule Matrix entries and add the correct zone to each "manager" (=user).
The "managers" should now be able to add a user to his end-system-group if a client connects to his switch based on the entry in the rule matrix line for this.
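The export-and-import step described in the reply above, as an added example that is not part of the thread or of the vendor's tooling: it splits an end-system export into one MAC list per location and flags MACs seen at more than one location, which would otherwise land in two end-system groups. The CSV column names, the subnets and the group names are assumptions.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Hypothetical: switch management subnet per location / end-system group.
LOCATION_SUBNETS = {
    "Location-A": ipaddress.ip_network("10.1.0.0/24"),
    "Location-B": ipaddress.ip_network("10.2.0.0/24"),
}

# Constructed sample export; the column names are assumptions.
SAMPLE_EXPORT = """MAC Address,Switch IP
00:11:22:AA:BB:01,10.1.0.10
00-11-22-aa-bb-02,10.1.0.11
0011.22aa.bb03,10.2.0.10
00:11:22:aa:bb:01,10.2.0.10
00:11:22:aa:bb:04,192.0.2.5
not-a-mac,10.1.0.10
"""

def normalize_mac(raw):
    """Return AA:BB:CC:DD:EE:FF, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[.:-]", "", raw.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def location_for(switch_ip):
    """Map a switch IP to its group name, or None if invalid or unmapped."""
    try:
        addr = ipaddress.ip_address(switch_ip.strip())
    except ValueError:
        return None
    return next((g for g, net in LOCATION_SUBNETS.items() if addr in net), None)

def build_groups(export_text):
    """Return (group -> MACs, MACs seen at several locations, skipped rows)."""
    groups, seen_at, skipped = defaultdict(set), defaultdict(set), []
    for row in csv.DictReader(io.StringIO(export_text)):
        mac = normalize_mac(row["MAC Address"])
        group = location_for(row["Switch IP"])
        if mac is None or group is None:
            skipped.append(row)  # bad MAC or switch outside every subnet
            continue
        groups[group].add(mac)
        seen_at[mac].add(group)
    roaming = {m: sorted(g) for m, g in seen_at.items() if len(g) > 1}
    return dict(groups), roaming, skipped
```

Calling `build_groups(SAMPLE_EXPORT)` returns the per-location MAC sets, the one MAC seen at both locations, and the two rows that were skipped.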
‎03-11-2016 11:33 AM
I am sorry, I deleted my last answer to you, I was wrong.
Do you have moving users that on some days are connected to switch A and on other days to switch B, or are the users static to their switches?
