Configuring the NAC exclusion list – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

53-1001944-01
Viewing and configuring switch WLANs
Configuring the NAC exclusion list
The switch provides a means to bypass NAC for 802.1x devices without a NAC agent. For Brocade
handheld devices (like the MC9000), authentication is achieved using an exclusion list.
A list of MAC addresses (called an exclusion list) can be added to each WLAN. Each WLAN has a separate
configuration for the RADIUS server (which only conducts EAP authentication). An exclusion list is a
global index-based configuration. An exclusion list can be configured and associated to any WLAN.
If a device’s MAC address is not present in an exclusion list, it will go through the NAC server (LAN
enforcer) and thereby an 802.1x host integrity check. For every WLAN configuration, there are two
separate EAP servers (RADIUS and NAC).
Whenever a host entry is added to or deleted from the list, the associated WLAN is updated and
de-authenticated. The de-authenticated MU can be re-authenticated once it receives the
de-authentication information from the WLAN.
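Because every MAC address on an exclusion list skips the NAC host integrity check, the lists are worth reviewing regularly. The following is an added example, not code from the guide or the switch: a Python model of the lookup described above, plus an audit of the list entries. The list contents, WLAN names, approved OUI set and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not from the guide): global, index-based exclusion
# lists and the WLAN each list index is associated with.
EXCLUSION_LISTS = {
    1: ["00:A0:F8:12:34:56", "00-a0-f8-12-34-56", "00A0.F8AB.CDEF", "02:11:22:33:44:55"],
    2: ["00:A0:F8:77:88:99", "not-a-mac", "01:00:5E:00:00:01"],
}
WLAN_ASSOCIATIONS = {"wlan1": 1, "wlan2": 1, "wlan3": 2}
APPROVED_OUIS = {"00a0f8"}  # assumption: OUI prefixes of sanctioned handhelds

def normalize(mac):
    """Return the MAC as 12 lowercase hex digits, or None if it is not a MAC."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def audit(lists, approved_ouis):
    """Return (list index, raw entry, reason) for every entry worth reviewing."""
    findings = []
    for index, entries in sorted(lists.items()):
        seen = set()
        for raw in entries:
            mac, reason = normalize(raw), None
            if mac is None:
                reason = "invalid"
            elif mac in seen:
                reason = "duplicate"
            elif int(mac[:2], 16) & 0x01:
                reason = "multicast"
            elif int(mac[:2], 16) & 0x02:
                reason = "locally-administered"
            elif mac[:6] not in approved_ouis:
                reason = "unapproved-oui"
            if mac is not None:
                seen.add(mac)
            if reason:
                findings.append((index, raw, reason))
    return findings

def enforcement_path(wlan, mac, lists, associations):
    """'RADIUS' (EAP only) if the MAC is on the WLAN's list, else 'NAC'."""
    entries = lists.get(associations.get(wlan), [])
    listed = {normalize(e) for e in entries} - {None}
    return "RADIUS" if normalize(mac) in listed else "NAC"

def affected_wlans(index, associations):
    """WLANs deauthenticated when an entry of list `index` is added or deleted."""
    return sorted(w for w, i in associations.items() if i == index)
```

Since one list index can be associated with several WLANs, `affected_wlans` shows how far a single add or delete reaches before the change is made.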
For a NAC configuration example using the switch CLI, see
“NAC configuration examples using the
To view the attributes of a NAC exclusion list:
1. Select Network > Wireless LANs from the main menu tree.
2. Select the NAC Exclude tab to view and configure all the NAC include enabled devices.
The Exclude Lists field displays a list of devices that can be excluded from a WLAN.
3. Use the Add button to add a device that can be excluded on a WLAN. For more information, see
“Adding an exclude list to the WLAN”.
The List Configuration field displays a list of MAC addresses that can be excluded from a
WLAN. You can add more than one device to this list.