Installation guide
Network Setup 4-75
4.5.5 Configuring the NAC Exclusion List
The switch provides a means to bypass NAC for 802.1x devices without a NAC agent. For Motorola handheld
devices (like the MC9000), authentication is achieved using an exclusion list.
A list of MAC addresses (called an exclusion list) can be added to each WLAN. Each has a separate
configuration for the Radius server (which only conducts EAP authentication). An exclusion list is a global
index-based configuration. An exclusion list can be configured and associated to any WLAN.
If a device’s MAC address is not present in an exclusion list, it will go through the NAC server (LAN enforcer)
and thereby a 802.1x host integrity check. For every WLAN configuration, there are two separate EAP servers
(Radius and NAC).
Whenever a host entry is added or deleted from/to the list, the associated WLAN is updated and
deauthenticated. The de-authenticated MU can be re-authenticated once it receives the de-authentication
information from the WLAN.
For a NAC configuration example using the switch CLI, see NAC Configuration Examples Using the Switch
CLI on page 4-78.
To view the attributes of a NAC exclusion list:
1. Select Network > Wireless LANs from the main menu tree.
2. Select the NAC Exclude tab to view and configure all the NAC include enabled devices.
The Exclude Lists field displays a list of devices that can be excluded from a WLAN.
3. Use the Add button to add a device that can be excluded on a WLAN. For more information, see
Adding an Exclude List to the WLAN on page 4-76.
The List Configuration field displays a list of MAC addresses that can be excluded from a WLAN. You
can add more than one device to this list.
4. Use the Add button (within the List Configuration field) to add devices excluded from NAC compliance
on a WLAN. You can create up to 32 lists (both include and exclude combined together) and 64 MAC