cancel
Showing results for 
Search instead for 
Did you mean: 

MAC to IP resolution between Wireless Controller and NAC

MAC to IP resolution between Wireless Controller and NAC

Joshua_Beddingf
New Contributor II
We are having trouble with guests completing the captive portal registration on the NAC. This is apparently a MAC-to-IP resolution issue between the EWC and the NAC. The subnet for the captive portal is 10.200.x.x and the DHCP is handled by the EWC's onboard DHCP for the topology.

I doing something wrong because the NAC is not resolving these addresses therfor they connot complete registration. The information from the switches resolves perfectly but not from this "guest" subnet. I am sure there is a check box somewhere I am missing, any help?

14 REPLIES 14

Ronald_Dvorak
Honored Contributor
If I unterstand that correctly you can't ping the guest client from the NAC - correct ?
If that is that case - have you configured a IP route on the NAC to reach the guest subnet.
Do you use the main interface on the NAC for the guest auth or did you enabled the 2nd NIC for it.

Joshua_Beddingf
New Contributor II
The NAC Integration was already configured. Thanks.

Ronald_Dvorak
Honored Contributor
You'd set the NAC IP in the controller so DHCP information is provided to the NAC.
GUI > VNS > global > NAC integration

Joshua_Beddingf
New Contributor II
The NAC portal is not in the same subnet - because there are two controllers each with a B@EWC topology - therefor two guest topology subnets.

I made two changes and am currently testing. I checked "Enable RADIUS Accounting" and added the NACs into the field. I also unchecked "Collect Accounting Information of Wireless Controller". The other screenshots showed no changes needed. This last screenshot did have some differences.

I am not seeing an increase in success for MAC-to-IP but the first device I tested for captive portal registration succeeded. I am doing more testing now.

Ronald_Dvorak
Honored Contributor
Is that a bridge@controller topology = the clients get a IP in the same subnet as the NAC portal ?

The unregistered role should look something like this....
allow DHCP, DNS, http and https to the portal, ARP, return dircetion and deny the rest.

68c302bc8fca4c7da04b437ed482caea_RackMultipart20170828-4395-1pmq6l1-EWC_guest_role_inline.png



Also check that...
https://gtacknowledge.extremenetworks.com/articles/Q_A/Why-the-redirection-to-portal-page-failed-for...

Is MAC auth also enabled ?

68c302bc8fca4c7da04b437ed482caea_RackMultipart20170828-110689-15sce1k-EWC_ECP_wlan_service_inline.png



Cheers,
Ron
GTM-P2G8KFN