Router IP Discovery is a mechanism that Extreme Access Control uses to identify the IP address of the end system.
Two pieces need to be in place for Router IP discovery to be successful:
- DHCP requests need to be received by the Extreme Access Control appliance. All VLANs/Networks that are going to be authenticated to the EAC appliance but have a DHCP helper/DHCP relay configured on the gateway interface to send DHCP requests to the EAC appliance in addition to the actual DHCP server. EAC uses these packets to obtain device type information, and for Router IP discovery it uses the gateway address in the DHCP request to identify the router that will have ARP information for the client.
- In NAC Manager (Java Tool) click tools --> Management and configuration --> Advanced configuration --> Global/Appliance settings --> Appliance settings --> (Appliance setting scheme used, typically "Default"). Make sure "IP Router Discovery" is enabled in the "IP resolution tab, and that the SNMP profile that is selected is appropriate for SNMP contact to the router. If you need to apply different SNMP profiles for different Routers configure each IP subnet in the "IP subnets" section at the bottom with the appropriate IP range, gateway address, and SNMP profile.
- Every subnet MUST be defined, or else you will unintentionally filter IP addresses and cause IP Address resolution failures.
- Enforce the appliance
The methods for the Extreme Management Center Tool is as follows.
Control->Access Control->Engines->Select Engine and Right Click->Select Engine Settings Default
Here, select IP Address Resolution Tab. Either enable or disable Router IP discovery.
If enabled, add Subnets and Save. To disable uncheck Enable Router IP Discovery and save.