It gets checked if the information of a device, that is in the database, includes the MAC-Address and the VLAN. If this is not the case, the device is unknown for "PNAC". Additionally, there can be extra rules. For example, in order to be valid, the device must originate from the Vienna location. You can set such rules regarding every field if you want to. If everything is filled in correctly, the device is valid for the network. Otherwise it is unknown. If you decide to activate the guest feature on the switch the unknown device gets connected to the guest VLAN.
Switches are grouped to Switchgroups (Network Device Groups). Each Group can have it's own Network Access Rule set.
First, create a new Group for your switches.
Then, Edit Group Rule. Here you can enter your rules depending on your needs.
To keep it simple a Wizard has been added. It generates the rules for the most used configurations.
For the beginning you can press Load and deploy. After that, the rule will be active immediately. Later, just press Load and verify the rules before applying.
If you need more details about the rule languages, see Network Access Rules in detail