Extreme Networks

Yves_Haslimann · ‎12-16-2016

Hello,

I have an extreme NAC solution running. For maintenance reason, I would like to exclude a switch temporary from NAC. So after excluding, the NAC should answer all NetLogin events from this switch with an ACCEPT packet.

My idea was to great a device group in the netsight called "unmonitored" and add this switch temporary to this group. I would then create a NAC rule at the top which check, if the switch is in this device group or not.
But, I can't create a NAC rule which checks the device group.

Is there another way to do this? Or do I it wrong?

Thank you, best regards
Yves

Yves_Haslimann · ‎12-17-2016

Hi Ron,

yes I guess it's the only way to add the switch IP static to a location group.
Thank you anyway for your feedback.

Yves

Ronald_Dvorak · ‎12-16-2016

You'd also configure/add it via EMC/Control...

5f3df06607d74a10b414f23a11f395eb_RackMultipart20161216-110912-1jjujz9-EMC_control_location_groups_inline.png

Yves_Haslimann · ‎12-16-2016

Hi Ron, thanks for your answer. I know that I could do it this way. But my goal is, that a supporter can add the switch to a device groupt in the oneview.

e8762df6818f4e45bac360af30f0e132_RackMultipart20161216-17628-1ctg42d-s_inline.jpg

Ronald_Dvorak · ‎12-16-2016

Hi Yves, that should work, below a example.
Make sure that the rule is above all other custom rules so it's checked first.
Add the switches to the location group.

-Ron

ed8b369d098e452a81e011d9b6b5349f_RackMultipart20161216-101337-1ike70x-NAC_allow_all_location_inline.png

Extreme Networks

Exclude the switch from NAC temporary

Exclude the switch from NAC temporary