Network Access Rules

It gets checked if the information of a device, thats in the database includes the MAC-Address and the VLAN, if this is not the case, the device is unknown for "PNAC". Additionally there can be extra rules. like for example that the device has to come from the site Vienna to be valid. You can set such rules regarding every field, if you want to. If everything is filled in correct, the device is valid for the network, if not it is unknown. If you decide to activate the guest feature on the switch the unknown device gets connected to the guest VLAN.

Logic

Switches are grouped to Switchgroups (Network Device Groups). Each Group can have it's own Network Access Rule set.

site=>operation: Site ndg=>operation: Network device group nd=>operation: Network device site->ndg ndg->nd

Setup

menu

First create a new Group for your switches. group

Then Edit Group Rule. Here you can enter your Rules, depending on your needs. edit

To keep it simple a Wizard has been added. It will generate the rules for the most used configurations. wizard

  • Authorization with MAC: Recommended settings for standard Security models
  • Create one rule per site: Only required if you have more than one Site with different VLAN scheme.

For the beginning you can press Load and deploy. After that the rule will be active immediately. Later please press only Load and verify the rules before deploying.

If you need more details to the rule languages, see Network Access Rules in detail