This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC exclusions for Qualys scans

NAC exclusions for Qualys scans

Go to solution
joebu8
New Contributor

‎06-05-2019 02:05 PM

Hello everybody,

I can use your advice or help.

When we run a Qualys scan, it produces random MAC addresses and tries "logging" into some of the appliances for vulnerability testing.

This starts chewing up a chunk of our NAC licenses.

Is there a way to exclude the Qualys scanner IPs or MAC from the NAC so as to not occupy NAC licenses and keep things clean in general?

Any advice or assistance is greatly appreciated!

Thank you,
Billy
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Tomasz
Valued Contributor II

‎06-05-2019 10:54 PM

Hi Billy,

If we are talking about EXOS switches (are we?) the authentication is enabled globally and then you select ports in which you want to authenticate connected devices.
I don't see right now a way to use authentication with Extreme Access Control and not have an end-system in the cache that is used to calculate license usage. You can just 'exclude' ports on which the appliance is connected, by disabling authentication on these ports (or doing 'auth-override' to have just one MAC address authenticated, in the end-system table and consuming end-system license).

Hope that helps,
Tomasz

View solution in original post

6 REPLIES 6

Go to solution
joebu8
New Contributor

‎06-05-2019 02:17 PM

Hi Ron,

Thank you for taking the time to reply to my post!

By doing so, the NAC tells the switch to just let the traffic pass?
So there is no "Exclusion" setting but by disabling authorization on the port in of itself might be an exclusion?

Full Disclosure: I'm not the Network Admin and I don't have rights to the UI... but I'm trying to help them out.

Billy
0 Kudos

Go to solution
Ronald_Dvorak
Honored Contributor

‎06-05-2019 02:11 PM

Disable auth on the port the Q thing is connected to ?!
GTM-P2G8KFN