Reset Search
 

 

Article

How to configure Router IP discovery for NAC/EAC/Access Control

« Go Back

Information

 
TitleHow to configure Router IP discovery for NAC/EAC/Access Control
Objective
Configure Router IP discovery for MAC to IP Resolution for EAC or NAC appliance
Environment
  • Extreme Management Center
  • Extreme Access Control
  • NAC
  • XMC
  • EAC
  • Access Control
Procedure

Router IP Discovery is a mechanism that Extreme Access Control uses to identify the IP address of the end system. 

Two pieces need to be in place for Router IP discovery to be successful: 

  1. DHCP requests need to be received by the Extreme Access Control appliance. All VLANs/Networks that are going to be authenticated to the EAC appliance but have a DHCP helper/DHCP relay configured on the gateway interface to send DHCP requests to the EAC appliance in addition to the actual DHCP server. EAC uses these packets to obtain device type information, and for Router IP discovery it uses the gateway address in the DHCP request to identify the router that will have ARP information for the client.
  2. In NAC Manager (Java Tool) click tools --> Management and configuration --> Advanced configuration --> Global/Appliance settings --> Appliance settings --> (Appliance setting scheme used, typically "Default"). Make sure "IP Router Discovery" is enabled in the "IP resolution tab, and that the SNMP profile that is selected is appropriate for SNMP contact to the router. If you need to apply different SNMP profiles for different Routers configure each IP subnet in the "IP subnets" section at the bottom with the appropriate IP range, gateway address, and SNMP profile.
  3. Every subnet MUST be defined, or else you will unintentionally filter IP addresses and cause IP Address resolution failures.
  4. Enforce the appliance
__________________________________________________________________________________
The methods for the Extreme Management Center Tool is as follows.
Control->Access Control->Engines->Select Engine and Right Click->Select Engine Settings Default
User-added image
Here, select IP Address Resolution Tab. Either enable or disable Router IP discovery.
If enabled, add Subnets and Save. To disable uncheck Enable Router IP Discovery and save.
User-added image
Additional notes
Router IP discovery has been known to cause high CPU utilization on core routers in large networks. Each time EAC has to use Router IP discovery as the mechanism to perform MAC to IP resolution it will request the entire IpNetToMedia table from the router. It does not store this information to each subsequent MAC to IP Process will cause another SNMP request IpNetToMedia table. 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255