Advanced Configuration Window

The Advanced Configuration window provides a central location to view and manage the configuration parameters for all aspects of your NAC system. You can access this window by selecting Tools > Management and Configuration > Advanced Configurations from the NAC Manager menu bar.

Advanced Configuration

The left-panel tree provides access to the following NAC system components.

NAC Configurations

Each engine group uses one NAC configuration that contains an ordered list of rules used to determine which NAC profile is assigned to the end-systems connecting to the engines in that group. NAC configurations include the following components:

Rule Components: Rule components are used to define the criteria for the rules used in your NAC configuration.

NAC Profiles: NAC profiles specify the authorization and assessment requirements for the end-systems connecting to the network. The profile also specifies the security policies that will be applied to end-systems for network authorization, depending on authentication and assessment results.

AAA Configurations: AAA configurations define the RADIUS and LDAP configurations, and Local Password Repository that provide the authentication and authorization services to your Extreme Access Control engines.

Portal Configurations: If your network is implementing Registration or Assisted Remediation, use the Portal Configuration to define the branding and behavior of the website used by the end user during the registration or remediation process.

Global and Appliance Settings

This section of the window allows you to configure the following NAC components:

MAC Locking: MAC locking lets you lock a MAC address to a specific switch or port on a switch so that the end-system can only access the network from that port or switch.

MAC to IP Mappings: MAC to IP mappings lets you create a table of MAC to IP address mappings for devices with statically assigned IP addresses. The MAC to IP mappings are sent to the Extreme Access Control (Access Control) engines in the configuration enforce. The Access Control engines uses this table to resolve IP addresses.

Appliance Settings: This folder lets you configure settings for IP, MAC, and Hostname/Username resolution. You can customize reauthentication behavior, OS detection using DHCP fingerprinting, and other settings for the Access Controlengine.