This window lists the various rule groups used to define the criteria for the rules used in your NAC configuration. Use this window to view and edit the defined rule groups and to add new rule groups for use in your NAC configuration. Any changes made in this window are written immediately to the NAC Manager database.
NAC Manager comes with eleven system-defined rule groups. There are six system-defined end-system groups automatically populated by NAC Manager. The first is the Assessment Warning end-system group that includes end-systems with assessment warnings and must acknowledge them before being granted access to the network. The second is the Blacklist end-system group that includes end-systems denied access to the network. The other four system-defined groups are populated as end-systems register through the Registration portal. In addition, there is one system-defined time group called Default Work Week and six system-defined device type groups called Android, Apple iOS, BlackBerry, Linux, Mac, and Windows.
When you create a new rule group, you can select from the following rule group categories:
| Category | Group Types | Value Types |
|---|---|---|
| User Groups | Username | A list of usernames which can be based on an exact match or a wild card. |
| LDAP User Group | A list imported from an LDAP Server, organized by Organization Unit (OU). | |
| RADIUS User Group | A list of attributes returned by the RADIUS server. | |
| End-System Groups | MAC | A list of MAC addresses, MAC OUI, or MAC Masks. |
| IP | A list of IP addresses or subnets. | |
| Hostname | A list of hostnames: exact match or wild card (for example, *.extremenetworks.com). | |
| LDAP Host Group | A way to group hosts by doing an LDAP lookup on the resolved hostname of the end-system detected on the network. | |
| Device Type Groups | Device Type | A list of device types. |
| Location Groups | Location | A list of switches, switches and ports, or switches and SSIDs. |
| Time Groups | Time of Week | A weekly time range. |
To access this window, select the Manage Rule Groups button
in the NAC Manager toolbar or select Tools > Management and Configuration > Rule Groups from the
menu bar.
Click areas in the window for more information.
-
- Use these buttons to add, edit, or delete rule groups, or to import MAC entries from a file for viewing and assigning to various end-system groups.
- Filter
- Use the Filter field to filter for a specific group based on a numeric value or text. For delimited values such as a MAC or IP address, use the same delimiter used in the group.
- Find MAC
- Find a MAC address in an end-system group by entering a complete MAC address and clicking the Search button.
- Type
- The type selected for the specific rule group. For example, an end-system group with a type of MAC.
For information on related windows:
