We are running a C5210 controller with V9.15.07.0008 and NMS V18.104.22.168
We have a IA-A-20 NAC appliance also deployed.
We have 2 different VNS's configured, one for the production environment and one for Public internet access.
The configuration of two VNS's is as follows:
- Production VNS
- Configured to use 802.1x Authentication
- 802.1x Authentication utilizes a Microsoft NPS server for authentication
- VNS utilizes a "Bridge @ AP" topology
- Configured to use Mac Authentication
- MAC Authentication utilizes the NAC Appliance server for authentication
- VNS utilizes a "Bridge @ EWC
- DHCP is provided by Service Provider
- The Public Internet Topology interface is configured with a IP address in the Service provider network
- NAC integration is enabled with the IP address of the NAC appliance configured.
If we select the individual NAC appliance it only shows the "End systems" connected to the "Public Internet VNS. We are also missing device type information but the IP's resolve
So now for the questions:
- Why do we see the Production clients in NAC Manager as "End systems" even though the Production VNS is not configured to use the NAC at all for authentication?
- Does the Production "End systems" count towards my "End system" license?
- Oneview reports the total unique users as the total of both the Production and Public Internet "End systems" we would only like to see the "Public internet" End systems.
This question should probably go to GTAC but i thought lets ask the community first....