IP resolution using SNMPv3 from NAC Gateway in VPN deployment

How to perform IP resolution from the NAC Gateway using SNMPv3 in a VPN deployment.
  • NAC Manager
The NAC gateway can use the “IpNetToMedia” SNMP MIB to resolve the end-system IP address from the switch in a VPN-deployed environment. Although the Nodealias MIB supports the IP address and MAC address for the device, it can’t be used because EXOS doesn’t support it.

1. Open “Advanced Configuration” via Tools > Management and Configuration > Advanced Configuration
2. In the left tree, select Global and Appliance Settings > Appliance Settings > Default
3. Select “IP Resolution” tab
4. Add IP Subnets

On the EXOS switch, configure IDM and DHCP snooping on the switch ports so that the switch can track an end-system’s IP address.
If the switch is aware of the IP address, NAC can query it via SNMP to expedite the IP resolution process.

enable identity-management
configure identity-management add ports <portlist>

enable ip-security dhcp-snooping vlan <vlan> port <uplink ports that DHCP server connected> violation-action none
configure trusted-ports <uplink ports> trust-for dhcp-server
configure trusted-servers vlan <vlan> add server <DHCP Server IP> trust-for dhcp-server

You can also use BOOTP relay to NAC through the VPN.

configure bootprelay add <NAC gateway IP> vr <VR-name>
enable bootprelay vlan <VLAN to relay toward NAC>
enable bootprelay vlan <DHCP client VLAN>
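
To check that the switch actually holds the IP-to-MAC mapping the NAC gateway will query, the following added example (not part of the original article and not Extreme's code) parses an SNMP walk of the ipNetToMediaPhysAddress column and returns the IPs recorded for a MAC, limited to a list of subnets such as the ones entered in step 4. It assumes the walk was taken with net-snmp using numeric OIDs and hex strings; the sample rows, ifIndex values, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# ipNetToMediaPhysAddress column; rows are indexed by <ifIndex>.<IPv4 address>.
PHYS_ADDR_OID = ".1.3.6.1.2.1.4.22.1.2."

# Constructed sample in the format net-snmp prints for a walk such as
#   snmpwalk -v3 -l authPriv -u <user> -a SHA -A <authpass> -x AES -X <privpass> \
#            -On -Ox <switch IP> 1.3.6.1.2.1.4.22.1.2
# (security level and algorithms are assumptions; use the switch's SNMPv3 profile)
SAMPLE_WALK = """\
.1.3.6.1.2.1.4.22.1.2.1000010.10.20.30.41 = Hex-STRING: 00 04 96 AA BB 01
.1.3.6.1.2.1.4.22.1.2.1000010.10.20.30.42 = Hex-STRING: 00 04 96 AA BB 02
.1.3.6.1.2.1.4.22.1.2.1000020.192.168.50.7 = Hex-STRING: 00 04 96 AA BB 01
.1.3.6.1.2.1.4.22.1.2.1000020.192.168.50.9 = STRING: "garbled"
"""

ROW = re.compile(r"^(\S+) = Hex-STRING: ((?:[0-9A-Fa-f]{2} ?){6})\s*$")


def parse_ip_net_to_media(walk_text):
    """Return (ifIndex, IPv4Address, mac) for every well-formed table row."""
    rows = []
    for line in walk_text.splitlines():
        m = ROW.match(line.strip())
        if not m or not m.group(1).startswith(PHYS_ADDR_OID):
            continue  # skip other OIDs and values that are not a 6-byte MAC
        index = m.group(1)[len(PHYS_ADDR_OID):].split(".")
        if len(index) != 5:
            continue  # index must be ifIndex plus four address octets
        try:
            if_index = int(index[0])
            ip = ipaddress.IPv4Address(".".join(index[1:]))
        except ValueError:
            continue
        rows.append((if_index, ip, ":".join(m.group(2).split()).lower()))
    return rows


def resolve_ip(rows, mac, subnets):
    """IPs the table holds for `mac`, limited to the given IP subnets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return sorted(str(ip) for _, ip, m in rows
                  if m == mac.lower() and any(ip in n for n in nets))


if __name__ == "__main__":
    table = parse_ip_net_to_media(SAMPLE_WALK)
    print(resolve_ip(table, "00:04:96:AA:BB:01", ["10.20.30.0/24"]))
```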
