Network Access Control

 View Only

  • 1.  Symantec NAC Integrated Enforcer for DHCP Trusted Hosts list

    Posted Jun 16, 2009 06:16 AM
    We manage well over 10'000 machines and have a symantec infrastructure in place. The problem is we are now employing SNAC and have over 600 devices with MAC addresses we need added to the Trusted Hosts list on the SEPM server.

    We have a list of the 600 MAC addresses in a text file is there a way i can automate the procedure and have this list imported into the Trusted hosts list?

    Any help would be much appreciated, and this is somewhat an urgent dilema we are in!

    Many Thanks

    Paul


  • 2.  RE: Symantec NAC Integrated Enforcer for DHCP Trusted Hosts list

    Posted Jun 16, 2009 01:18 PM
    There is no import feature available for Host Groups and as this data gets written directly to the database so I dont think there would be any file which we can modify.
    However you can still call support and check if they have some workaround for it.


  • 3.  RE: Symantec NAC Integrated Enforcer for DHCP Trusted Hosts list

    Posted Jun 17, 2009 04:08 AM
    I can import Group Properties for the I-DHCP Enforcer, so i added in a dummy mac address (44-44-44-44-44-44) and it added this line to the XML. If it was just a simple case of updating the XML with the 600 MAC addresses and importing it back into the SEPM this wouldn't be a problem but i can't understand what the rest of the items are in the line,

    i.e. what is the <MacAddress _d="false" _i="BEB2A3B00A01300D01BDBFECE7F3232A" _t="1245144919489" _v> part mean?



    <MacAddress _d="false" _i="BEB2A3B00A01300D01BDBFECE7F3232A" _t="1245144919489" _v="4">44-44-44-44-44-44</MacAddress>


  • 4.  RE: Symantec NAC Integrated Enforcer for DHCP Trusted Hosts list

    Posted Jun 17, 2009 06:29 AM
    Or what about even writing these MAC addresses directly to the Database using a PHP page? would this be possible?


  • 5.  RE: Symantec NAC Integrated Enforcer for DHCP Trusted Hosts list

    Posted Jun 19, 2009 10:54 PM
    any advice? 


  • 6.  RE: Symantec NAC Integrated Enforcer for DHCP Trusted Hosts list

    Posted Jun 22, 2009 04:39 AM
    Doesn't look like we are going to get much help with this! I've been searching through the database looking for the entries that appear when a MAC address is added to the host exclusion list but can't find anything.

    I'm starting to get more and more frustrated. Especially when we had a guy from Symantec visit us tell us that it's a simple enough thing to automate, then when he leaves doesn't accept phone calls or reply to emails surprisingly enough.


  • 7.  RE: Symantec NAC Integrated Enforcer for DHCP Trusted Hosts list

    Posted Jun 22, 2009 06:55 AM

    If i knew even how the details of the trusted hosts are added to the database i could get a php script written to do this! would help you with your voip problems and me with my printers!

    If i can get some kind of solution to this i will create a document for it outlining the procedure, so it will be beneficial for all, i'll also post any PHP scripts/pages which have been useful for me.