
Additional data for Identity-Management from NAC's DHCP\Kerberos snooping - how it works?


Ilya_Semenov
Contributor
Hello, everybody,

I've configured IM on Summits and send the data to Netsight. I get IP, MAC, sometimes hostnames and usernames. It works fine!

I've been told that if I connect a NAC appliance to my Netsight and attach one of its interfaces to the network where DHCP works, I could also have Device Type and Operating System data.

I did, but there is no additional data received. From Netsight I see the NAC as a "green" device and it seems like everything is OK. But in the NAC appliance I see a strange message: "Problems Detected (appliance cannot connect to management server".

How can I fix this? Is it related to the absence of additional data in Netsight from IM?

Many thanks in advance,

Ilya




7 REPLIES

Andre_Brits_Kan
Contributor II
So from the sound of things you have a single VLAN, so there is no need for IP helpers (only required if you have multiple VLANs).

DHCP is a broadcast so the information will hit the NAC in the client vlan.
No need for additional config.

All you will need to ensure is the following:
During initial wizard, ensure that you typed the NMS IP correctly.
Discover the NAC appliance in NMS
Under control, add Switches to the NAC for authentication.
Enable auth on the switches and you should be good to go.
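
What a listener in the client VLAN can read from that DHCP broadcast, as an added example that is not part of the original reply and is not Extreme's code: a parser run over a constructed DHCPDISCOVER that extracts the MAC, hostname (option 12), vendor class (option 60) and parameter request list (option 55). That these are the fields used for Device Type and Operating System profiling is an assumption; the thread does not say which ones the NAC appliance uses.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # magic cookie after the 236-byte BOOTP header

def build_discover(mac, hostname, vendor, params):
    """Constructed sample: a minimal DHCPDISCOVER as a client broadcasts it."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    hdr += b"\x00" * 16        # ciaddr, yiaddr, siaddr, giaddr
    hdr += mac + b"\x00" * 10  # chaddr field is 16 bytes
    hdr += b"\x00" * 192       # sname (64) + file (128)
    opts = b"\x35\x01\x01"     # option 53, message type 1 = DISCOVER
    for code, val in ((12, hostname), (60, vendor), (55, bytes(params))):
        opts += bytes([code, len(val)]) + val
    return hdr + MAGIC + opts + b"\xff"

def parse_dhcp(pkt):
    """Return the fields a passive listener can read from one client message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen = min(pkt[2], 16)
    info = {"mac": pkt[28:28 + hlen].hex(":")}
    i = 240
    while i < len(pkt) and pkt[i] != 255:   # 255 = end option
        code = pkt[i]
        if code == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and value:
            info["msg_type"] = value[0]
        elif code == 12:
            info["hostname"] = value.decode("ascii", "replace")
        elif code == 60:
            info["vendor_class"] = value.decode("ascii", "replace")
        elif code == 55:
            info["param_list"] = list(value)
        i += 2 + length
    return info

# Constructed input: MAC, hostname and option values are made up for this example.
SAMPLE = build_discover(bytes.fromhex("001122334455"), b"LAB-PC01", b"MSFT 5.0",
                        [1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252])

if __name__ == "__main__":
    print(parse_dhcp(SAMPLE))
```
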

I am very sorry, Andre...

But what will exactly happen when I input such commands on a switch?

Will users be prompted to enter their MACs? And would I have to save their static MACs or make some kind of binding?

I've never had experience with netlogin before...

Mac Authentication is always good because the NAC will allow this always by default.

enable netlogin mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted "Iqzcvu~67"
enable netlogin ports 3-46 mac
configure netlogin mac username format hyphenated

Andre,

I did everything, except "Enable auth on the switches and you should be good to go."

What kind of authentication are you talking about?

Thank you!