Network Access Rules are evaluated against the information stored for a device in the database, which includes its MAC address and VLAN. If these details are not available, the "PNAC" system treats the device as unknown. Additional rules can also be set up: for instance, the device must originate from a specific location to be considered valid. Such rules can be defined for every field as required. If all the necessary fields are filled in correctly, the device is approved for network access; if not, it remains unrecognized. If the guest feature is enabled on the switch, an unidentified device is automatically assigned to the guest VLAN.
Logic
Switches are grouped into switch groups (Network Device Groups). Each group can have its own Network Access Rule set.
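The decision flow described above, modelled in Python as an added example (this is not PNAC code and not its rule language). The record fields, group attributes and decision names are assumptions made for illustration; the sample data is constructed.

```python
# Illustrative model only: names, fields and return values are assumptions,
# not PNAC's rule language or database schema.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Device:
    mac: str
    vlan: Optional[int] = None
    location: Optional[str] = None

@dataclass
class SwitchGroup:
    name: str
    guest_enabled: bool = False
    guest_vlan: Optional[int] = None
    # Extra per-group field rules: field name -> required value (e.g. location).
    extra_rules: dict = field(default_factory=dict)

def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC so 'AA-BB-..' and 'aabb.ccdd..' hit the same record."""
    digits = mac.lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def decide(mac: str, group: SwitchGroup, db: dict) -> tuple:
    """Return (decision, vlan) for a device seen on a switch of `group`."""
    dev = db.get(normalize_mac(mac))
    # A device without a stored VLAN is treated like a missing record.
    known = dev is not None and dev.vlan is not None
    if known:
        # Every extra rule of the group must match the stored field.
        known = all(getattr(dev, f, None) == v for f, v in group.extra_rules.items())
    if known:
        return ("accept", dev.vlan)
    if group.guest_enabled and group.guest_vlan is not None:
        return ("guest", group.guest_vlan)
    return ("unknown", None)

# Constructed sample data.
DB = {d.mac: d for d in [
    Device("00:11:22:33:44:55", vlan=20, location="berlin"),
    Device("00:11:22:33:44:66", vlan=None, location="berlin"),
    Device("00:11:22:33:44:77", vlan=30, location="munich"),
]}
OFFICE = SwitchGroup("office-berlin", guest_enabled=True, guest_vlan=99,
                     extra_rules={"location": "berlin"})
LAB = SwitchGroup("lab", guest_enabled=False)
```

The same device can be accepted by one group and sent to the guest VLAN by another, which is why a rule set should be reviewed per switch group rather than per device.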
Setup
First, create a new Group for your switches.
Then select Edit Group Rule. Here you can enter your rules depending on your needs.
To keep it simple, a wizard has been added. It generates the rules for the most commonly used configurations:
- Authorization with MAC: Recommended settings for standard security models.
- Create one rule per site: Only required if you have more than one site with different VLAN schemes.
To begin with, you can press Load and deploy. After that, the rule will be active immediately. Later, just press Load and verify the rules before applying them.
If you need more details about the rule language, see Network Access Rules in Detail.