NAC Configuration Rules

The NAC Configuration Rules panel displays a list of rules that are used by the NAC Configuration to assign a NAC Profile to a connecting end-system based on rule criteria.

This Help topic provides information for accessing and configuring NAC Configuration Rules:

Accessing NAC Configuration Rules

Use the following steps to view and edit your NAC Configuration rules.

  1. Use the NAC ManagerEdit NAC Configuration toolbar button to open the NAC Configuration window or use the Edit button in the Configuration tab.
  2. In the left-panel tree, select the Rules icon. The table of your NAC rules is displayed in the right panel. See below for an explanation of the table columns.
  3. Use the Rules toolbar buttons to create a new rule or perform actions on the rules. See below for a description of each button.
  4. Click Save to save your changes.

Viewing Rules in the Table

The Rules table displays the rule name, whether the rule is enabled, and summary information about the rule. It also shows the NAC Profile assigned to any end-system that matches the rule and the portal redirection action, if applicable. Rules are listed in order of precedence. End-systems that do not match any of the listed rules are assigned the Default Catchall rule.

  TIP: Right click on a rule in the table to access a menu of options including the ability to edit the NAC profile and any user groups included in the rule.

 

Enabled

This column displays whether the rule is enabled or disabled . Right-click on the rule to access a menu where you can enable or disable the rule. You cannot disable any of the system rules provided by NAC Manager.

Rule Name

This column displays the rule name. Double-click on the rule to open the Edit Rule window where you can edit the rule name, if desired. You cannot change the name of the system rules provided by NAC Manager.

Conditions

This column displays the criteria an end-system must meet in order to be assigned the rule, including the authentication method and rule groups that the end-system or user must match. Double-click on the rule to open the Edit Rule window where you can edit the rule criteria, if desired. You cannot change the criteria for the system rules provided by NAC Manager. Click on a rule group name to open a window where you can edit the group's parameters.

Actions

This column displays the actions the rule takes when an end-system matches the rule's criteria. This includes the profile assigned to the end-system and the portal configuration that the end user sees. Click on the profile or portal name to open a window where you can make changes, if desired.

You may see additional columns in the table that were added using the Show Columns option from the Tools and Display Settings menu button Configure Table Display Properties. You can see definitions for these columns below.

Creating and Editing Rules

Use the Rules toolbar buttons to create, edit, and modify the rules in the table. Any changes made in this table are written immediately to the NAC Manager database.

Move Rules Move Rule Up/Down
Move rules up and down in the list to determine rule precedence.
Add New Rule Add New Rule
Opens the Create Rule window where you can define a new rule to use in the NAC configuration.
  TIP: To add a new rule at a specific location in the table, select the rule that you want the new rule to follow, right-click and select Add Rule after Selection. When you create the new rule and click OK, it is added after the selected rule. The selected rule must be a custom (user-defined) rule, or it can be the Blacklist or Assessment Warning rule.
Edit Rule Edit Rule
Opens the Edit Rule window where you can edit the rule criteria for a selected rule.
Delete Selected Rules Delete Selected Rules
Deletes any rules selected in the table.
Delete Selected Rules Configure Zone on Selected Rules
Opens the Configure Rule Zone window where you can select an end-system zone to associate with the selected rules and create a new zone, if needed. See End-System Zones for more information.

Configure Table Display Properties Tools and Display Settings

Provides a menu of the following options:

  • Show All Rules — Displays all rules including user-created custom rules as well as NAC Manager system rules, such as the blacklist, assessment warning, and catch-all rules. If Registration is enabled, you also see system rules that assign profiles to end users based on registration states.
  • Show User Created Rules Only — Displays user-created custom rules only. System rules are not displayed.
  • Advanced Rule Ordering — If you added custom rules and want to change the order of custom and system rules in the list, enable the Advanced Rule Ordering option.
  • Display Verbose — In Verbose mode, the table displays additional information in the Actions column, including links for editing the rule actions.
  • Display Compact — In Compact mode, table information is displayed in a compact format. Rest your cursor on the columns to view tooltips that provide additional Actions information and links.
  • Display Tooltips — Use the checkbox to disable the tooltips in the rules table.
  • Show Columns - Select additional columns to display in the table:
    • Authentication Method — The authentication method the end-system must match in order to be assigned the rule.
    • User Group — The user group the end-system must match in order to be assigned the rule.
    • End-System Group — The end-system group the end-system must match in order to be assigned the rule.
    • Location Group — The location group the end-system must match in order to be assigned the rule.
    • Time Group — The time group the end-system must match in order to be assigned the rule.
    • Device Type Group — The authentication method the end-system must match in order to be assigned the rule.
    • Profile — The profile assigned to the end-system when it matches the rule's criteria.
    • Portal Override — The portal configuration the end user sees when it matches the rule's criteria.
    • Zone — The end-system zone that the connection request must match in order to be assigned the rule.
  • Run Configuration Evaluation Tool — Opens the Configuration Evaluation Tool window where you can test the rules defined in your NAC Configuration to evaluate what behavior an end-system encounters when it is authenticated on an Extreme Access Control engine.
  • Launch Rule Configuration Wizard — Opens the Rule Configuration Wizard which guides you through the process of creating and configuring rules for your NAC configuration.
  • Manage Policy Mapping Configuration — Opens the Edit Policy Mapping Configuration window where you can edit the policy mappings used by your NAC profiles.

Related Information

For information on related windows:

Top