Incorrect Rule Hit on NAC

  • NAC is sending reverse DNS queries to decommissioned DNS servers
  • Queries to the decommissioned servers break NAC rule engine processing because there are several Host LDAP Groups defined
  • Manually adjusting the "/etc/resolv.conf" on the NAC does not fix the issue
  • NAC
  • Captive Portal
Without the ability to resolve the FQDN of the incoming end-systems, NAC is missing the LDAP "Exists" rules.
Use NAC Manager to correct the DNS configuration.
Additional notes
Adjustment of network parameters on the NAC appliance needs to be accomplished either via a re-run of the initial configuration script (called via the "nacconfig" command) or via the "Networking" tab in the "Appliance Settings" of the NAC Manager GUI. These processes do adjust the "/etc/resolv.conf"; however, they also make broader changes within the NAC application, a level above the Linux OS.




