cancel
Showing results for 
Search instead for 
Did you mean: 

XMC Control monitor-only mode for Trial

XMC Control monitor-only mode for Trial

ed_zubrickas
New Contributor III

We’re far away from defining the Policy and Authentication parts of a design.

Have deployed a Trial of XMC, Analytics, FabricManager and Control v8.5.2.6 in a VSP/ERS Campus Fabric environment.

We want to enable Control  to gain visibility of connected wired devices, but NOT interfere with their operation.

Is there a guide for how to setup such a “monitor-only” scenario? 

1 ACCEPTED SOLUTION

Miguel-Angel_RO
Valued Contributor II

Hi edward,

You must “interfere” a little bit to gain visibility.

You’ll have to enable eapol on the ports and make a rule that allows anything to gain access to the network.

You’ll then receive all the info into the NAC engines.

 

It is difficult to dump a guide here in the forum as the are many steps but basically:

  1. Set your xmc with all the ERS (and other switches)
    1. with snmp and cli access from XMC
  2. Set your nac infra
    1. define a catch all rule with an accept any rule
  3. Set you ERS
    1. define the radius servers
    2. set the eapol setting
  4. Test

I can provide some dumps of commands for the ERS if needed.

For the other steps all it should be described in the user guide.

Let me know if there are blocking points.

Mig

View solution in original post

3 REPLIES 3

kevin_phi
New Contributor

@Miguel-Angel RODRIGUEZ-GARCIA

Hello Miguel-Angel, 

I’m in the same situation and don’t see the end-systems connected on my ERS switch.

I’m interested if you have some dumps of commands c7c9a1376ec04a34815ed825162658e2_1f64f.png

ed_zubrickas
New Contributor III

Gracias, Miguel-Angel!

I will investigate further via documentation

Ed Z..

Miguel-Angel_RO
Valued Contributor II

Hi edward,

You must “interfere” a little bit to gain visibility.

You’ll have to enable eapol on the ports and make a rule that allows anything to gain access to the network.

You’ll then receive all the info into the NAC engines.

 

It is difficult to dump a guide here in the forum as the are many steps but basically:

  1. Set your xmc with all the ERS (and other switches)
    1. with snmp and cli access from XMC
  2. Set your nac infra
    1. define a catch all rule with an accept any rule
  3. Set you ERS
    1. define the radius servers
    2. set the eapol setting
  4. Test

I can provide some dumps of commands for the ERS if needed.

For the other steps all it should be described in the user guide.

Let me know if there are blocking points.

Mig

GTM-P2G8KFN