It gets checked if the information of a device, thats in the database includes the MAC-Address and the VLAN, if this is not the case, the device is unknown for "PNAC". Additionally there can be extra rules. like for example that the device has to come from the site Vienna to be valid. You can set such rules regarding every field, if you want to. If everything is filled in correct, the device is valid for the network, if not it is unknown. If you decide to activate the guest feature on the switch the unknown device gets connected to the guest VLAN.
Switches are grouped to Switchgroups (Network Device Groups). Each Group can have it's own Network Access Rule set.
First create a new Group for your switches.
Then Edit Group Rule. Here you can enter your Rules, depending on your needs.
To keep it simple a Wizard has been added. It will generate the rules for the most used configurations.
For the beginning you can press Load and deploy. After that the rule will be active immediately. Later please press only Load and verify the rules before deploying.
If you need more details to the rule languages, see Network Access Rules in detail