Switch Management Access using NAC Rules

Christopher_Tay
Contributor

I have configured my X460-G2 switches to use NAC for management access.

I have 2 sets of switches and would like 1 AD group to manage any and another to manage just a subset.

The AD authentication and groups work fine. I have tried to set up a rule that uses the “End-System” criteria. I have created an End-System group based on the switch IP (I tried the MAC as well) but the switch's IP doesn’t seem to be recognized.

I have RADIUS authentication and accounting enabled.

Is this the correct way to create different access for switches? If so, what am I missing?

Is there a different rule I could create to accomplish this?

 

Thank you,

Chris

1 ACCEPTED SOLUTION

Stefan_K_
Valued Contributor

Hi Chris,

I have tried to set up a rule that uses the “End-System” criteria. I have created an End-System group based on the switch IP (I tried the MAC as well) but the switch's IP doesn’t seem to be recognized.

Use a location group instead of an end-system group and it will work fine.

The location groups can be used for:

  • limit rules on specific switches (as in this case)
  • limit rules on specific switch-ports
  • limit rules on specific access-points

Best regards
Stefan

 


2 REPLIES

Christopher_Tay
Contributor

Hi Stefan,

That worked exactly how I was hoping for.

Thank you for the help

 

Chris
