Configuration Evaluation Tool
This tool is used to test the rules defined in your NAC Configuration in order to determine what behavior an end-system encounters when it is authenticated on an Extreme Access Control engine. To access this window, click the Tools and Display Settings button above the Rules List in the Edit NAC Configuration window, or right-click on an end-system in the End-Systems tab, and select Run Configuration Evaluation Tool from the menu.
User Input
Use this section to configure the end-system data and select the NAC Configuration for the evaluation. If you launch the window from the End-Systems tab, the End-System Details section pre-populates with the data from the selected end-system. You can change the data by using the Edit link in the upper-right corner of the section. The Update End-System button retrieves the most recent data from the end-system, if updated in NAC Manager.
Configuration Results
This section displays how the end-system is authenticated, assessed, and authorized according to the parameters and rules of the selected NAC Configuration. Note that the results do not factor in any RADIUS user attributes, since the user's RADIUS request is not present at the time the evaluation is performed.
Authorization Results Tab
- Authorization Result Details
  - Authentication Request - Displays whether the Extreme Access Control engine processes the request, or rejects the request based on a MAC Lock or a rule that assigns a NAC Profile configured to reject the user.
  - Rule Name - The name of the rule that the end-system passed.
  - NAC Profile - The NAC Profile assigned to the end-system by the rule.
  - Assessment Configuration - The assessment configuration used by the NAC Profile, if any.
  - MAC Lock - The MAC Lock assigned to the end-system, if any.
- Authorization Policy Details
  - This section displays the RADIUS response attributes returned for end-systems in specific states. Possible states are Accept, Quarantine, Assessing, and Failsafe. Expand each state to view the RADIUS attributes. These are the RADIUS attributes returned for the switch IP that is listed in the End-System Details section.
- Detailed Reasons
  - This section lists all the rules from the NAC Configuration that were evaluated during the end-system authentication. Rules are evaluated only until one of them is passed. Each rule listing can be expanded to view why the end-system passed or failed that rule.
Authentication Results Tab
This tab displays which set of RADIUS servers and LDAP servers an end-system request would be processed by.
- Authentication Result Details
  - Rule Name - A description of the authentication type and user name expression used for the AAA entry that the Extreme Access Control engine uses to authenticate the end-system. For a Basic AAA Configuration, this is always: Authentication: Any, User Pattern "*".
  - Authentication - For MAC authentication requests, this field displays whether the request is authenticated locally or proxied to the RADIUS server.
  - LDAP Configuration - The LDAP configuration used to obtain any LDAP data for the end-system, if applicable.
- Authentication RADIUS Server Details
  - This section lists the IP address, port, shared secret, timeout, and retries listed for all the RADIUS servers that can be used to authenticate the end-system request, if it needs to be proxied.
- Detailed Reasons
  - This section is only applicable for an Advanced AAA Configuration. It lists why a request passed or failed the definition of each AAA entry.