cancel
Showing results for 
Search instead for 
Did you mean: 

NAC AAA rule assentment .

NAC AAA rule assentment .

Frank11
New Contributor
NAC 6.3.0.168, Wireless V2110 9.21.09.0004
I have a strange issue with devices not using the right AAA rule in the NAC even though when checking the device via the NAC evaluation tool tells me it should be using the right rule.

The NAC is setup for proxy Radius to a windows NPS server. When I run the NAC evaluation tool I get the correct information below with the correct rule "BYOD-test" passed.

f9b222598dd94c1bb00290714c7aaa31_RackMultipart20160531-125329-2alla9-BYOD-Rule_inline.jpg


BUT looking at the NAC end-systems data for that device it goes to the end "catch-all" rule, not the rule the evaluation tool displays.

f9b222598dd94c1bb00290714c7aaa31_RackMultipart20160531-79076-nrg4wl-BYOD-Rule1_inline.jpg



Any idea's where to look or are there other tools I can use for testing?
8 REPLIES 8

Zdeněk_Pala
Extreme Employee
Https:/:nac-gw:8444 there you should have diagnostics tools and log. The username and password is configured in your nacmanager
Regards Zdeněk Pala

Jeremy_Gibbs
Contributor
What are the rule requirements for BYOD?? Show us your rules.

Here are the rules.

9c58245930f14c11a6ea9094e36d4e2b_RackMultipart20160531-35643-1thxm3g-BYOD-Rule2_inline.jpg



The SMC-Staff NAC rule and SMC-Student NAC rule work perfectly going to the same windows NPS.

9c58245930f14c11a6ea9094e36d4e2b_RackMultipart20160531-96223-wy9v3m-BYOD-Rule3_inline.jpg



I will try to find other logs and where to increase the verbosity level. Not sure where these are yet.

Zdeněk_Pala
Extreme Employee
Is your rule comdition(s) based on MAC address? The changing of endsystem group (adding MAC to the group) does not require enforce, but can take some time to propagate from Netsigh (management) to the gateway (engine). I met also situation when this updates never happened and Netsighr reboot was necessary to fix the issue. Regarding debugging have you tried increase the verbocity level and check logs?
Regards Zdeněk Pala
GTM-P2G8KFN