NAC Manager - End-System Events does not show all Authentication Events ????

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
Currently i configure for a customer project NAC (Netsight 7.0.6.27) with X440-G2 (EXOS 21.1.1.5). On every port MAC and 802.1x  - Multi-User / Multi-Method Authentication - to be mostly flexibel. 802.1x is prefered on the switch (compare to mac).

The used alcatel Phones coming with a working 802.1x supplicant (EAP-TLS) - because this is step 2 or 3 (making EAP-TLS working) i ignore TLS (and the resulting RADIUS reject). I configure MAC Auth correctly and end-systems will result an accept.

To avoid loosing voip end-systems out of NAC Database (because of purging end-systems older than 90 days) i added  an RADIUS Accept Attribute to this voip phones - Session Timeout = xx seconds. For testing purpose i set this to 60 seconds.

So this work fine. Voip phones are authenticated at startup with mac successfully (dot1 was rejected). After that i can see with tcpdump that every 60 second the phone is re-authenticationed with mac (successfully) and dot1x (unsuccessfully - but this does not matter).

BUT i am wondering very much - NAC Manager - End-systems Events shows regarding this re-auth (or session timeout) events only the unsuccessful dot1x events - NOT the sucessful mac events (which i expect to see).

Why ?
Is this explainable ?

See here:
- Picture will be added soon -
Photo of M.Nees

M.Nees, Embassador

  • 9,640 Points 5k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of M.Nees

M.Nees, Embassador

  • 9,640 Points 5k badge 2x thumb
Here the screen:
Photo of Jacob, Praveen

Jacob, Praveen, Employee

  • 1,022 Points 1k badge 2x thumb
Matthias, 

Please take a look at this KB article. 

https://gtacknowledge.extremenetworks.com/articles/How_To/Mac-reauthentication-enabled-on-EOS-switch...

This should help NAC to display the MAC authentication Accept messages. 

Thanks,
Praveen Joseph Jacob
Photo of M.Nees

M.Nees, Embassador

  • 9,640 Points 5k badge 2x thumb
Hi Jacob,

thanks for this advice! That sounds good.

I will try it and let you know!


Regards
Photo of M.Nees

M.Nees, Embassador

  • 9,640 Points 5k badge 2x thumb
Hi Jacob,

i test this currently at customers installation! It works fine!!

Thanks a lot for this hint!


Regards