Network Access Rules

The check verifies that the device's record in the database includes the MAC address and the VLAN. If it does not, the device is unknown to "PNAC". Additional rules can be defined on top of this; for example, a device may have to originate from the Vienna location in order to be valid. Such rules can be set on any field. If everything is filled in correctly, the device is valid for the network; otherwise, it is unknown. If you activate the guest feature on the switch, the unknown device is connected to the guest VLAN.

Logic

Switches are grouped into switch groups (Network Device Groups). Each group can have its own Network Access Rule set.

Site -> Network device group -> Network device
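
The decision described under Network Access Rules and Logic, modelled as an added Python example. It is not PNAC code and not the PNAC rule language; the names RuleSet, decide, GROUP_RULES and all device values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample inventory, keyed by MAC address (all values are made up).
DEVICES = {
    "00:11:22:33:44:55": {"mac": "00:11:22:33:44:55", "vlan": 110, "location": "Vienna"},
    "00:11:22:33:44:66": {"mac": "00:11:22:33:44:66", "vlan": 110, "location": "Graz"},
    "00:11:22:33:44:77": {"mac": "00:11:22:33:44:77", "vlan": None, "location": "Vienna"},
}

@dataclass
class RuleSet:
    """Hypothetical rule set attached to one network device group."""
    required: tuple = ("mac", "vlan")               # fields that must be filled in
    must_equal: dict = field(default_factory=dict)  # extra rules on any field
    guest_vlan: Optional[int] = None                # None = guest feature off

def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so 00-11.. and 00:11.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def decide(mac: str, rules: RuleSet, devices: dict = DEVICES):
    """Return (status, vlan). A valid device gets its own VLAN; an unknown
    device gets the guest VLAN if the guest feature is on, otherwise None."""
    try:
        record = devices.get(normalize_mac(mac))
    except ValueError:
        record = None                               # malformed MAC: treat as unknown
    ok = record is not None
    ok = ok and all(record.get(f) not in (None, "") for f in rules.required)
    ok = ok and all(record.get(f) == v for f, v in rules.must_equal.items())
    if ok:
        return ("valid", record["vlan"])
    return ("unknown", rules.guest_vlan)

# One rule set per network device group (group names are hypothetical).
GROUP_RULES = {
    "vienna-access": RuleSet(must_equal={"location": "Vienna"}, guest_vlan=999),
    "lab": RuleSet(),                               # no extra rule, guest feature off
}
```

The same device can be valid behind one switch group and unknown behind another, because the result depends on the rule set of the group the switch belongs to.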

Setup

First, create a new Group for your switches.

Then choose Edit Group Rule. Here you can enter your rules according to your needs.

To keep things simple, a wizard has been added. It generates the rules for the most commonly used configurations.

  • Authorization with MAC: Recommended settings for standard security models.
  • Create one rule per site: Only required if you have more than one site with different VLAN schemes.

To begin with, you can press Load and deploy. After that, the rule is active immediately. Later on, just press Load and verify the rules before applying them.

If you need more details about the rule language, see Network Access Rules in detail.