Radius accounting is listening on NAC on port 1813 for Radius attribute FRAMED-IP to look for changes to role state/user-id for end station. (NOT ALL RADIUS ACCOUNTING DEVICES SUPPORT ATTRIBUTE.)
This is taken as most accurate by NAC for IP resolution. Some switches will send the framed-IP also in radius authentication packets, this will not be used by NAC for IP resolution, only when the framed-IP attribute is send in an accounting packet it will be used by NAC.
Make sure SNMP is returned from switch. IpNetToMedia and ctAlias MIBs are used. ctAlias is only supported on some Extreme switches.DHCP is also listened to so it gets to see the full hand shake of client/server. It will not participate in DHCP process but is passively listening to gain knowledge of end station identity. Make sure router's IP-helpers are configured to forward to the NAC IP address.Right click the NAC --> Webview ---> Status --> Switches and Routers
- The switch dynamic information section will indicate if any devices have SNMP contact issues.
DHCP is also listened to so it gets to see the full hand shake of client/server. It will not participate in DHCP process but is passively listening to gain knowledge of end station identity. Make sure router's IP-helpers are configured to forward to the NAC IP address.
How to configure nodealias on an XOS, Summit switch for better NAC / Control IP resolution
If the switch is EXOS with nodealias enabled, NAC will only use the ctnodealias table if it discovered this was enabled at the moment the switch was added to NAC. If nodealias is enabled after the switch was added to NAC and you want to have NAC use the nodealias table, go to the webview switches & routers view, and clear the cached data for the switch dynamic information. After that NAC will check again if the switch supports nodealias and starts using it if possible.