I wonder what is your method to bring all end systems MAC addresses to XMC database? Do you just have EAP enabled on every port?
I am asking because I want to have this data in XMC for visibility, but I also want to avoid having the NAC dependency in some areas of the network.
Solved! Go to Solution.
The End-Systems database is a database with all devices having performed and authentication.
If you have a device that never did an authentication (EAP or MAC) it doesn’t appear in this database.
The easy way is to enable MAC auth on all your client’s switch ports and have a rule allowing the traffic in all cases.
It is a setup with all authentications approved…
Also set the DHCP relays in the routers to send the requests also to the NAC for the finger printing info.
I use RADIUS with MAC auth, but there are ways to do it without that
Bonus to feed from IDM to Netsight https://extremeportal.force.com/ExtrArticleDetail?an=000081388
as Mig wrote authentication is the key to get all MAC addresses. Extreme Control is a NAC solution and build for authentication. Only via authentication the database is filled.
You can authenticate several MACs on one port and all will be added to XMC. As Mig wrote if you create a permit all rule in Control this works fine without any impact to you network. The number of devices that can be authenticated per port depends on the switch model and vendor.
Thanks for sharing. Do you know how that works if you have several MACs behind a port for example on an uplink to an ESX Server? Will Control add all MACs to the End-Systems database?
I am also looking for a another feasible solution without actually doing authentication on the ports?