09-10-2010 01:30 AM - edited 02-21-2020 04:04 AM
Hi, excuse me, I am new to NAC. I have to manage a remote /21. I cannot split it further, but the last subnet of the group must bypass NAC, keeping the integrity of the GW, route and /21. How can I set this up?
Thanks
A
09-10-2010 10:22 AM
Hi A,
NAC is all about engineering the traffic so during the authentication/posture-assessment/remediation phase traffic is always flowing through the CAS. Keeping that in mind you'll have to design your traffic flow. Without more details this is about as specific as I can get :-)
HTH,
Faisal
09-13-2010 01:01 AM
Hello Faisal,
that is in fact what I was afraid of.
Unfortunately I cannot split/design the traffic before the CAS. I would like to have the last /24 subnet of my /21 subnets' group exempted from authentication (it will be a bulk of servers which, of course, need to autoupdate themselves, while their security is managed by installed agents).
So, I was wondering if there is any turnaround to avoid manually inputting the IP and MAC of each of these machines to make them bypass the NAC.
(Apologies...I hope my bad English does not create more confusion on this matter)
Thanks in advance for your patience
A (H0nizatin0)
09-13-2010 06:10 AM
Hi A,
You could put in Subnet filters designating just the last octet of that big subnet to not be authenticated. Again this might or might not work since I don't have enough details to tell you one way or the other. Subnet filters are used to exempt devices from NAC'ing. Look under Filters -> Subnets
HTH,
Faisal
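Added example, not part of the original thread: a subnet filter exempts by address range rather than by device, so this Python sketch derives the last /24 of a /21 and checks observed IP/MAC pairs against an approved server list. The 10.20.8.0/21 block, the MAC addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
BLOCK = "10.20.8.0/21"
APPROVED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # known servers
OBSERVED = [  # (ip, mac) pairs, e.g. exported from an ARP or DHCP table
    ("10.20.15.10", "00:11:22:33:44:01"),
    ("10.20.15.77", "00:11:22:33:44:99"),
    ("10.20.9.5", "00:11:22:33:44:02"),
    ("10.20.12.40", "00:11:22:33:44:50"),
]


def last_subnet(block, new_prefix=24):
    """Return the highest-numbered /new_prefix contained in block."""
    net = ipaddress.ip_network(block, strict=True)
    return list(net.subnets(new_prefix=new_prefix))[-1]


def audit_exemption(block, observed, approved_macs):
    """Classify observed hosts against the exempted range.

    exempt_ok:         approved server inside the exempted /24
    exempt_unexpected: unknown device inside the /24 (it would skip NAC)
    server_outside:    approved server outside the /24 (it would be NAC'd)
    """
    exempt = last_subnet(block)
    report = {"exempt_ok": [], "exempt_unexpected": [], "server_outside": []}
    for ip, mac in observed:
        inside = ipaddress.ip_address(ip) in exempt
        known = mac.lower() in approved_macs
        if inside and known:
            report["exempt_ok"].append((ip, mac))
        elif inside:
            report["exempt_unexpected"].append((ip, mac))
        elif known:
            report["server_outside"].append((ip, mac))
    return exempt, report


if __name__ == "__main__":
    exempt, report = audit_exemption(BLOCK, OBSERVED, APPROVED_MACS)
    print("Range to exempt:", exempt.with_netmask)
    for category, hosts in report.items():
        print(category, hosts)
```
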
09-14-2010 12:19 AM
Hello Faisal,
thanks a lot for the suggestion!
As soon as we start the process (we are NACing so many other subnets at the moment), I will post more details about the (successful) operation.
Thanks again for your kind and quick support
A (nizatino)