
Switch Management Access using NAC Rules all AD User can authentificat


DeoHeo
New Contributor III

 

Hello community,

I am a little confused about the following issue:

I configured the switch management access using the following older guide (I can't find a newer one):

https://extremeportal.force.com/ExtrArticleDetail?an=000081977&q=How-to-configure-NAC-to-handle-Mana...

Then I access the switch (X440-G2-24p-10G4 EXOS 30.2.1.8) with the allowed user. I get the correct permissions and everything is fine. Then I tested a user who has no permission and he can access the switch. It is true that he can only set show commands, but I think this is not the right behavior, or is it?

Troubleshooting:

  • the login gets the correct policy
  • everything is forced
  • I have reset the switch
  • I changed the LDAP configuration in several ways
  • I changed the management access to user defined and tested a number of

Configuration:

[Five configuration screenshots (PNG images) were attached here.]

 

1 ACCEPTED SOLUTION

Stefan_K_
Valued Contributor

Can you change the profile of the second rule to something that rejects the auth request and test again?

 


2 REPLIES

DeoHeo
New Contributor III

One could also say: Read the fucking manual (Step 12).

Thanks for the help.
