04-07-2022 12:41 PM
04-12-2022 07:57 AM
Hello,
Do you have any global subnets enabled for Router IP discovery? If the subnet is not defined these act as filters and can prevent showing the correct address.
I think that screenshot is from the policy "User Sessions" tab. Does it show the same 169 address in the Control end systems tab as it does in the policy "User Sessions"? Policy User Sessions is a bit different from the end system information from Control.
If you see the same 169 address in Control you can try the following:
Right click the NAC that will be handling the authentication for the end system --> WebView --> Diagnostics --> Appliance/Server Diagnostics
Set the following to "Verbose"
Authentication request processing - NAC
IP resolution
DHCP
Click OK.
Then delete the end system in control and have the device re-authenticate. Once the link local address is seen, go back and disable diagnostics. The log will contain information on how IP resolution was determined. You can try to search the log for the actual IP address of the device, or the link local.
Searching by the last 3 octets of the MAC address, hyphen delimited, will show all debug lines associated with the end system itself.
E.g.:
If the MAC address is:
12:34:56:11:AA:22
Search for:
11-AA-22
The debug log may contain sensitive information so I would not suggest uploading it to this thread.
Thanks
-Ryan
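The search described in the post above, as an added example that is not part of the original reply or of the product: it builds the hyphen-delimited last-3-octet key from a MAC address and lists the matching debug lines, separating link-local (169.254.x.x) addresses from other IPs. The log lines are constructed samples and the function names are hypothetical; the real debug log layout will differ.

```python
import ipaddress
import re

# Dotted-quad candidates; each one is validated with ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample lines (assumption: not the appliance's real log format).
SAMPLE_LOG = [
    "2022-04-12 07:40:01 DEBUG IP resolution 12-34-56-11-AA-22 candidate 169.254.10.20",
    "2022-04-12 07:40:02 DEBUG DHCP 12-34-56-11-aa-22 request for 10.1.20.55",
    "2022-04-12 07:40:02 DEBUG DHCP 12-34-56-99-BB-33 request for 10.1.20.77",
]


def mac_search_key(mac):
    """Return the last three octets of a MAC, upper-case and hyphen-delimited.

    Accepts colon, hyphen, dot (1234.5611.aa22) or bare notation.
    """
    digits = re.sub(r"[:\-.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = digits.upper()
    return "-".join(digits[i:i + 2] for i in (6, 8, 10))


def end_system_hits(lines, mac):
    """Return (line_number, link_local_ips, other_ips) for lines naming the end system."""
    key = mac_search_key(mac)
    hits = []
    for number, line in enumerate(lines, start=1):
        if key not in line.upper():  # case-insensitive match on the key
            continue
        link_local, other = [], []
        for text in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            (link_local if ip.is_link_local else other).append(text)
        hits.append((number, link_local, other))
    return hits


if __name__ == "__main__":
    for number, link_local, other in end_system_hits(SAMPLE_LOG, "12:34:56:11:AA:22"):
        print(f"line {number}: link-local={link_local} other={other}")
```
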
04-09-2022 02:01 PM
Hello,
Control has a couple of different mechanisms it can use for IP resolution when integrating with EXOS switches. The only way to figure out exactly how this address was identified is to turn on debug for "IP Resolution" and check debug logs.
Do you know if nodealias is enabled on the port? If you do a "show nodealias port" do you see the correct IP address in nodealias?
Nodealias is the primary mechanism for IP resolution for EXOS switches.
The other thing that you may be able to do is in Control --> Engines --> right click the Engine --> Engine Settings --> IP resolution: set "Use DHCP Request IPs" to "Always".
As long as you are relaying DHCP requests to the NAC it can now use them to help populate IP addresses.
Thanks
-Ryan
04-11-2022 10:14 AM
04-12-2022 01:47 AM
04-12-2022 04:09 AM
"The authentication request was rejected due to NTLM authentication error: No response to NTLM request"
"Authentication request became stale, challenge sent, no response received from client"