This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Switch Management Access using NAC Rules

Switch Management Access using NAC Rules

Go to solution
Christopher_Tay
Contributor

‎03-15-2021 07:50 PM

I have configured my X460-G2 switches to use NAC for management access.

I have 2 sets of switches and would like 1 AD group to manage any and another to manage just a subset.

The AD authentication and groups work fine.  I have tried to set up a rule that uses the “End-System”  criteria.  I have created an End-System group based on the switch IP (I tried the MAC as well) but the switches IP doesn’t seem to be recognized.

I have RADIUS authentication and accounting enabled.

Is this the correct way to create different access for switches?  If so what am I missing?

Is there a different rule I could create to accomplish this?

 

Thank you,

Chris

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Stefan_K_
Valued Contributor

‎03-15-2021 08:03 PM

Hi Chris,

 I have tried to set up a rule that uses the “End-System”  criteria.  I have created an End-System group based on the switch IP (I tried the MAC as well) but the switches IP doesn’t seem to be recognized.

Use a location group instead of an end-system group and it will work fine.

The location groups can be used for:

  • limit rules on specific switches (as in this case)
  • limit rules on specific switch-ports
  • limit rules on specific access-points
ac85cc2661de4f849acab8f5ec6416dd_19483616-4c47-4910-a9b5-87d2fb24d497.png

Best regards
Stefan

 

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Christopher_Tay
Contributor

‎03-16-2021 03:39 PM

Hi Stefan,

That worked exactly how I was hoping for.

Thank you for the help

 

Chris

0 Kudos

Go to solution
Stefan_K_
Valued Contributor

‎03-15-2021 08:03 PM

Hi Chris,

 I have tried to set up a rule that uses the “End-System”  criteria.  I have created an End-System group based on the switch IP (I tried the MAC as well) but the switches IP doesn’t seem to be recognized.

Use a location group instead of an end-system group and it will work fine.

The location groups can be used for:

  • limit rules on specific switches (as in this case)
  • limit rules on specific switch-ports
  • limit rules on specific access-points
ac85cc2661de4f849acab8f5ec6416dd_19483616-4c47-4910-a9b5-87d2fb24d497.png

Best regards
Stefan

 

0 Kudos
GTM-P2G8KFN