we have one Netsight appliance and two NAC-Controller in action. Firmware of all is 220.127.116.11.
After MAC Authentication is working very well, we have activated 802.1x Authentication on the first switch. At first, it works fine. But I have a Question with the Authentication from the NAC-Manager/NAC-Gateway to the Windows Domaincontroller.
We wanted to restrict the Access for the user from the NAC-Manager, which asks the domain for the Clientuser. He should only get Access if he comes from the NAC-Gateway. In this way nobody can block the user account by wrong authentications.
Now we looked at the logfiles from the Domaincontroller. There we see, that the Access Request for the Client is not coming from the NAC-Gateway but from the Domaincontroller itself. So we have to give Access if the NAC-Admin comes from the Domaincontroller.
Can anybody verify this behavior? Can anybody explain this?