
End Systems MACs collection


Dan15
Contributor

I wonder what your method is to bring all end-system MAC addresses into the XMC database? Do you just have EAP enabled on every port?

I am asking because I want to have this data in XMC for visibility, but I also want to avoid having the NAC dependency in some areas of the network.

 

1 ACCEPTED SOLUTION

Miguel-Angel_RO
Valued Contributor II

Dany,

The End-Systems database is a database with all devices having performed an authentication.

If you have a device that never did an authentication (EAP or MAC) it doesn’t appear in this database.

 

The easy way is to enable MAC auth on all your client’s switch ports and have a rule allowing the traffic in all cases.

It is a setup with all authentications approved…

Also set the DHCP relays in the routers to send the requests also to the NAC for the fingerprinting info.

Regards

Mig


5 REPLIES 5

Dan15
Contributor

Thank you for the hints!

Unfortunately we are in an ERS/VSP environment and there is no support for identity management.

James_A
Valued Contributor

I use RADIUS with MAC auth, but there are ways to do it without that

https://extremeportal.force.com/ExtrArticleDetail?an=000080009

Bonus to feed from IDM to Netsight https://extremeportal.force.com/ExtrArticleDetail?an=000081388

StephanH
Valued Contributor III

Hello Dany,

As Mig wrote, authentication is the key to getting all MAC addresses. Extreme Control is a NAC solution and built for authentication. Only via authentication is the database filled.

You can authenticate several MACs on one port and all will be added to XMC. As Mig wrote, if you create a permit-all rule in Control, this works fine without any impact to your network. The number of devices that can be authenticated per port depends on the switch model and vendor.

Regards Stephan

Dan15
Contributor

Hi Mig,

Thanks for sharing. Do you know how that works if you have several MACs behind a port for example on an uplink to an ESX Server? Will Control add all MACs to the End-Systems database?

I am also looking for another feasible solution without actually doing authentication on the ports?

Regards
