Additional data for Identity-Management from NAC's DHCP\Kerberos snooping - how it works?
‎05-25-2017 06:37 AM
Hello, everybody,
I've configured IM on Summits and send the data to Netsight. I get IP, MAC, sometimes hostnames and usernames. It works fine!
I've been told that if I connect NAC appliance to my Netsight and attach one of its interfaces to the network where DHCP works, I could have also Device Type and Operating System data.
I did, but there is no additional data received. From Netsight I see NAC as "green" device and it seems like everything is OK. But in NAC appliance I see the strange message: "Problems Detected (appliance cannot connect to management server".
How can I fix this? Is it related to the absence of additional data in Netsight from IM?
Many thanks in advance,
Ilya
7 REPLIES 7
‎05-25-2017 08:31 AM
So from the sound of things you have a single VLAN, so there is no need for IP helpers (only required if you have multiple VLANs).
DHCP is a broadcast so the information will hit the NAC in the client VLAN.
No need for additional config.
All you will need to ensure is the following:
During the initial wizard, ensure that you typed the NMS IP correctly.
Discover the NAC appliance in NMS.
Under Control, add switches to the NAC for authentication.
Enable auth on the switches and you should be good to go.
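What a passive listener in the client VLAN can read from those DHCP broadcasts, shown as an added example that is not part of the original replies and is not Extreme's code. It parses the DHCP options commonly used for device fingerprinting (12 hostname, 55 parameter request list, 60 vendor class); that the NAC appliance relies on exactly these options is an assumption, and the sample packet is constructed.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
MSG_TYPES = {1: "DISCOVER", 3: "REQUEST", 8: "INFORM"}

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        if payload[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value     # split options concatenate (RFC 3396)
        i += 2 + length
    return opts

def fingerprint(payload: bytes) -> dict:
    """Extract the client-identifying fields visible to a passive listener."""
    opts = parse_options(payload)
    hlen = min(payload[2], 16)                       # chaddr is 16 bytes at offset 28
    text = lambda code: opts.get(code, b"").decode("ascii", "replace") or None
    return {
        "mac": payload[28:28 + hlen].hex(":"),
        "msg_type": MSG_TYPES.get((opts.get(53) or b"\x00")[0], "other"),
        "hostname": text(12),
        "vendor_class": text(60),
        "param_request_list": ",".join(str(b) for b in opts.get(55, b"")),
    }

def build_sample_discover() -> bytes:
    """Constructed DHCPDISCOVER for demonstration, not captured traffic."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000)
    header += bytes(16)                              # ciaddr, yiaddr, siaddr, giaddr
    header += bytes.fromhex("020000aabb01") + bytes(10)   # chaddr padded to 16 bytes
    header += bytes(64 + 128)                        # sname and file fields
    options = (b"\x35\x01\x01" + b"\x0c\x07lab-pc1" + b"\x3c\x08MSFT 5.0"
               + b"\x37\x04" + bytes([1, 3, 6, 15]) + b"\xff")
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(fingerprint(build_sample_discover()))
```

The parameter request list order and the vendor class string are what fingerprint databases typically match on to guess device type and operating system.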
‎05-25-2017 08:31 AM
I am very sorry, Andre...
But what will exactly happen when I input such commands on a switch?
Will users be prompted to enter their MACs? And should I have to save their static MACs or make some kind of binding?
I've never had experience with netlogin before...
‎05-25-2017 08:31 AM
MAC authentication is always good because the NAC will always allow this by default.
enable netlogin mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted "Iqzcvu~67"
enable netlogin ports 3-46 mac
configure netlogin mac username format hyphenated
‎05-25-2017 08:31 AM
Andre,
I did everything, except "Enable auth on the switches and you should be good to go."
What kind of authentication are you talking about?
Thank you!
