This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC seeing MAC authentication as PAP on some Windows End-Systems

NAC seeing MAC authentication as PAP on some Windows End-Systems

LeoP1
Contributor

‎09-09-2015 07:12 PM

Greetings,

Another mysterious problem...

Testing a deployment of NAC (6.3) on a B5 environment (latest FW), for some odd reason, some ESs are displayed using PAP as authentication on NAC Manager while others shows MAC(PAP) as used (and worked well in NMS 5).

They don't use Machine Authentication, just MAC (for Workstations) and 802.1x for users.

I'm getting a lots of calls about ESs with problems connecting to the network, and almost in all cases, the refered ES shows authenticated by PAP. The only way to make it work again is to disconnect the ES network cable and reconnect it... Now the user can logon and work...

I've already created a rule to PAP auth exactly the same as MAC(PAP) auth, just to NAC apply the appropriate role to the ES.

It seems to be a Windows problem, but it worked before the upgrade to 6.3 without issues.

Any ideas?

Best regards,

-Leo
0 Kudos
1 REPLY 1

Zdeněk_Pala
Extreme Employee

‎09-11-2015 04:20 PM

Hi,

I would suggest to capture the radius authentication requests and compare those two = MAC(PAP) and PAP.

You can also enable debug on the NAC-GW and see what is in the log then.

if the radius request is correct in both cases => the NAC is guilty.
If the radius request is different in each case => the switch is guilty.

You can always contact GTAC for help.

Regards

Zdenek
Regards Zdeněk Pala
0 Kudos
GTM-P2G8KFN