NAC Gateway - IP Resolution Possibilities

  • 0
  • 2
  • Question
  • Updated 1 year ago
  • Answered
Analysing recurring MAC-to-IP Resolution problems in conjunction with EXOS Switches...

SecureStacks switches seems to be  easier to handle regarding this topic - maybe of the existing nodealias functionality ...

My question is:
what does "Always Use Fully Trusted DHCP IP" ??



Unfortunately no online Help - no manual - no GTAC KB


Anybody knows that feature ??


PS: These solve my problems basically:
https://extremeportal.force.com/ExtrArticleDetail?n=000012049&q=MAC%20To%20IP%20Resolution%20Usi...


Regards
Photo of M.Nees

M.Nees, Embassador

  • 9,168 Points 5k badge 2x thumb

Posted 1 year ago

  • 0
  • 2
Photo of Tyler Marcotte

Tyler Marcotte, Official Rep

  • 2,710 Points 2k badge 2x thumb
Hi Matthias,

I believe "Always Use Fully Trusted DHCP IP" means that the NAC needs to be able to see both sides of the DHCP conversation. Instead of just seeing the DHCP Request that is seen from IP Helper Addresses, NAC would also need to see the offers and informs afterwards. This is typically accomplished with either a port mirror, promiscuous mode in VMware, or via policy mirror for DHCP traffic.

Thanks,

Tyler