Layer 3 Integration Guide
Learn the steps required to integrate MetaAccess NAC into a customer Layer 3 network environment and validate the integration with a test policy. Note that this page only provides the minimum requirements needed to achieve network integration.
Add a Layer 3 switch/router to MetaAccess NAC
To access the MetaAccess NAC UI, navigate to the link below and log in with MetaAccess NAC Admin credentials (admin/admin is the default username and password).
https://x.x.x.x:8443/manage
Once logged into the MetaAccess NAC UI, the network integration options are located under Configuration Manager.
Once logged into Configuration Manager, click on Routers/Switches under Enforcement Setup in the left pane.
In the right pane, click on the New Connection button.
Click on the edit button to enter a Label, Description, IP address and the credentials MetaAccess NAC will use to log in to the router. For the “Enforcer” field, select your system’s IP address from the drop-down list.
Optional Fields if Full Configuration Access is Default
The Configuration Prompt fields and second set of passwords are only required if a network admin has to type “enable” and a second password to log in. If full configuration access is enabled by default with the credentials entered, then those three fields must be blank. After the credentials have been entered, select the appropriate vendor from the Connection Type drop-down list. If an Exit Delay or Measured Commit option is available, it is recommended to select that option for optimum performance.
Verify MetaAccess NAC/Router Connection
To verify the connection, click the Verify Connectivity and Configuration button. The text box should display a successful login and the addition of a test IP to the configuration.
If there is no output or an error message indicating “No router is open for this IP”, double-check for access-lists (including VTY ACLs), firewall rules or other issues that would prevent the MetaAccess NAC system IP from connecting to the router. A manual connection attempt using a terminal emulator is also a valuable tool when troubleshooting issues specifically related to credentials. After a successful test, change the connection state to Enabled and click Save changes.
Once enabled, the connection should display a green checkmark.
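When Verify Connectivity and Configuration fails, the way the TCP connection fails helps separate a filtering problem (ACL, VTY ACL, firewall) from a credential problem. The following Python probe is an added example, not part of MetaAccess NAC or of the original guide; the function name, the result labels and the default port 22 are assumptions, and it is meant to be run from a host that can send from the same source IP the NAC system uses.

```python
import socket
import sys

# Port 22 (SSH) is an assumption; use the port your router's management service listens on.
def probe_mgmt_port(host, port=22, timeout=3.0, source_ip=None):
    """Classify a TCP connection attempt to a router management port.

    source_ip optionally binds the probe to a local address, so it can be
    sent from the same IP that MetaAccess NAC uses to reach the router.
    """
    src = (source_ip, 0) if source_ip else None
    try:
        sock = socket.create_connection((host, port), timeout=timeout,
                                        source_address=src)
    except ConnectionRefusedError:
        return "refused"                  # reset received during connect
    except socket.timeout:
        return "timeout"                  # no reply at all
    except OSError:
        return "unreachable"              # no route, or the source bind failed
    with sock:
        try:
            data = sock.recv(256)         # SSH and Telnet servers normally speak first
        except socket.timeout:
            return "open-silent"
        except ConnectionResetError:
            return "closed-after-connect"
    return "responding" if data else "closed-after-connect"

# What to look at next for each result; candidates, not a definitive diagnosis.
NEXT_CHECK = {
    "responding": "Service answers this source IP: check credentials and prompt fields.",
    "open-silent": "Port open but silent: confirm the port and the connection type.",
    "closed-after-connect": "Accepted then dropped: check VTY ACLs and other line-level restrictions.",
    "refused": "Reset on connect: service not enabled on this port, or a filter is rejecting.",
    "timeout": "No reply: an access-list or firewall may be dropping traffic, or routing is missing.",
    "unreachable": "Local network error: check routing and the source IP binding.",
}

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py ROUTER_IP [PORT] [SOURCE_IP]")
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    source = sys.argv[3] if len(sys.argv) > 3 else None
    result = probe_mgmt_port(host, port, source_ip=source)
    print(f"{host}:{port} -> {result}: {NEXT_CHECK[result]}")
```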
Apply MetaAccess NAC script to Layer 3 switch/router
Now that the Layer 3 switch/router has been added to MetaAccess NAC and connectivity from MetaAccess NAC to the router has been verified, a script must be applied to the switch/router to complete the integration setup.
Example scripts are provided on Layer 3 Integration Scripts. The scripts are designed to be copied and pasted. Locate the appropriate script for the make/model, fill in the variables in the script with the appropriate information and apply the script.
This concludes the steps required for Layer 3 integration. To test the integration, proceed to the Configure Identity for Unmanaged Devices section.