Tuesday
I am looking at creating a really basic NAC policy where all devices in a switch can communicate freely within their subnet (192.168.0.0/24 for example), nothing else, except for a single device (192.168.0.10).
192.168.0.10 (on a separate physical switchport) needs to be able to talk to not only everything in 192.168.0.0/24, but also needs to be able to send HTTPS requests via TCP/443 out to a device with 10.0.0.10 IP address. I've been able to easily get policy applied to ports to allow or block services completely, but would appreciate assistance in figuring out the simplest approach to also specify IP addresses allowed to communicate.
In short:
1) 192.168.0.0/24 can talk to everything within that subnet unrestricted. Can't talk to anything else with the exception of a single device (192.168.0.10).
2) 192.168.0.10 needs to talk to everything on 192.168.0.0/24
3) 192.168.0.10 needs to also talk to 10.0.0.10 via TCP/443. Communication initiates from 192.168.0.10 outbound to 10.0.0.10
I apologize if this is easily found on documentation. I've been going through the documentation and training. Figured I'd ask for assistance to make sure I am going down the right path. Thank you!
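To make the three requirements concrete before mapping them onto the product's rule syntax, here is a small first-match model of the two port roles they imply (one for ordinary ports, one for the port holding 192.168.0.10). This is an added illustration, not Extreme/NAC code or the original poster's configuration; the role names and `check_flow` are my own, and it assumes the policy is enforced on traffic entering the switch from the device on that port, so only the initiating direction is modelled.

```python
"""
Model of the port-level access policy described in the post (added example,
not product code). Evaluates a flow against the rule set bound to the
switchport the source device sits on. Addresses and ports come from the
post; ROLE_* names, Rule and check_flow are hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

SUBNET = ipaddress.ip_network("192.168.0.0/24")
SPECIAL_HOST = ipaddress.ip_address("192.168.0.10")
HTTPS_SERVER = ipaddress.ip_address("10.0.0.10")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None      # None = any protocol
    dport: Optional[int] = None      # None = any destination port

# Role for every ordinary port: intra-subnet only, explicit deny of the rest.
ROLE_SUBNET_ONLY = [
    Rule("permit", SUBNET, SUBNET),
    Rule("deny", ANY, ANY),
]
# Role for the port holding 192.168.0.10: subnet, plus HTTPS to 10.0.0.10.
ROLE_SPECIAL_HOST = [
    Rule("permit", SUBNET, SUBNET),
    Rule("permit", ipaddress.ip_network(f"{SPECIAL_HOST}/32"),
         ipaddress.ip_network(f"{HTTPS_SERVER}/32"), "tcp", 443),
    Rule("deny", ANY, ANY),
]

def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation, the way a port ACL is normally processed."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst
                and (r.proto is None or r.proto == proto)
                and (r.dport is None or r.dport == dport)):
            return r.action == "permit"
    return False  # nothing matched: treat as implicit deny

def role_for(src):
    """The role a port gets depends on which device is attached to it."""
    return ROLE_SPECIAL_HOST if ipaddress.ip_address(src) == SPECIAL_HOST else ROLE_SUBNET_ONLY

def check_flow(src, dst, proto="tcp", dport=None):
    return evaluate(role_for(src), src, dst, proto, dport)
```

If the platform applies the rule set to both directions on the port rather than ingress only, the reply traffic from 10.0.0.10 source port 443 back to 192.168.0.10 also needs a matching permit, which this ingress-only model does not show.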