This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC not working Re-Authentication clients

NAC not working Re-Authentication clients

dpriorgo
New Contributor

‎10-25-2022 05:30 AM

Hi everybody,

I'm running NAC Extreme Management Center 8.5.7.28 and also Client Java JRE Version 1.8.0_181, and on both console I experimented the same problem. 

When I try to Force re-authenticate an endsystem client from the right click mouse button on menu nothing happens.

The only way to reauthenticate client is from command line cisco stwich to down an up the switch port, but this is not the right way. 

We have write access on SNMP community, also we tried to override Reauthentication behaviour from advanced settings on switch configuration but it didnt work.

The switches devices are all from same vendor, Cisco Catalyst C2960X.

Could anybody try to explain what is not working reauthenticate clients via NAC console?

Thanks, and best regards.

0 Kudos
2 REPLIES 2

Ryan_Yacobucci
Extreme Employee

‎10-26-2022 05:49 AM

Hello,

Likely Extreme Control does not have a reauth worker mapped to the sysObjectId of the device.

To check this: 

Right click the NAC --> WebView --> Status --> Switches and Routers
Scroll down to the "Dynamic Switches" Section, find the IP of the switch and see what is configured under the "Reauth worker" column. 

Here is an article on how to create a re-auth mapping for 3rd party devices:
https://extremeportal.force.com/ExtrArticleDetail?an=000079470

If the device supports RFC 3576/5176 we recommend this method over SNMP ifAdminStatus toggles, but you have the option to create both when you create the mapping. The article details use with RFC 3576, but you can just set it to use SNMP instead. 

Control should automatically be able to identify correct switch port mappings to issue an SNMP set for ifAdminStatus to toggle the link.

Thanks

-Ryan

0 Kudos

Robert_Haynes
Extreme Employee

‎10-26-2022 05:16 AM

This would generally boil down to Control either not being able to determine the proper reauthentication worker or if manually specified is not the expected MAC format the switch is expecting. Traces and debug logs would be helpful. If you continue to have issues consider opening a GTAC support case.

Robert_Haynes_0-1666786560297.png

 

0 Kudos
GTM-P2G8KFN