Reset Search
 

 

Article

XOS nodealias does not assist in resolving IP resolution or IP address with Access Control (NAC)

« Go Back

Information

 
TitleXOS nodealias does not assist in resolving IP resolution or IP address with Access Control (NAC)
Symptoms
  • Static IP addresses are not resolved when Nodealias command is enabled in XOS type switches
  • Nodealias command shows MIB populated for ctAlias, but does not get resolved in Access Control (NAC)
  • IP resolution debug or end station debug shows ExtremeIdMgrIPResolutionWorker or Extreme IdMgr in debug

Partial debug output
INFO [ExtremeIdMgrResolutionSnmpWorker] ESDMAC:6C-67-D2 Starting Extreme IdMgr IP resolution for XX-XX-XX-6C-67-D2
DEBUG [ExtremeIdMgrResolutionSnmpWorker] ESDMAC:6C-67-D2 Starting to read from 1.3.6.1.4.1.1916.1.36.2.4.1.3.xxxxx
DEBUG [ExtremeIdMgrResolutionSnmpWorker] ESDMAC:6C-67-D2  Unable to read extremeLocationInetAddrDetectMethod (1.3.6.1.4.1.1916.1.36.2.4.X.X


 
Environment
  • NAC
  • Extreme Management Center
  • Access Control
  • nodealias
  • ctAlias
  • XOS
Cause
NAC is unable to determine switch is using Nodealias or ctAlias functionality to resolve IP address of clients.
Resolution
Occasionally, the NAC acts as if it is a different switch type, and does not use the ctAlias MIB to query. This is often because the switch was modeled before nodealias command was enabled.

To clear this, webview must be entered in each NAC
https://<ipofNAC>:8443

username:admin
defaultpassword:Extreme@pp

These credentials may not be default - if so, check the following article.
Where are the Admin Web Page Credentials for Extreme Control (NAC)


From Webview Diagnostic mode, we want to go to 

Status->Switches and Routers

Scroll to Switch Dynamic Information

For the switch that is having issues with this, click on clear button This should not interrupt authentication process, and has been performed previously in critical environments at critical times.

The output there for the switch may or may not change. It is then best to use debug to ensure it uses ctAlias, like in below screenshot.
2018-01-09 15:14:59,403 INFO  [CtAliasMacAddressIpResolutionSnmpWorker] ESDMAC:68-1D-C1 Starting CtAliasMacAddressTable IP resolution for: XX-XX-4F-68-1D-C1 on switch: 10.X.X.254 and ifIndex: 4031
2018-01-09 15:14:59,403 DEBUG [CtAliasMacAddressIpResolutionSnmpWorker] ESDMAC:68-1D-C1 Starting to read from: 1.3.6.1.4.1.52.4.1.3.7.1.1.5.1.1.0.xx.xx.104.29.193


 
Additional notes
Nodealias for IP resolution is considered a low priority and not reliable. Typically ip resolution works best with DHCP clients.
If more than one IP is found to be tied to the MAC address of the client using nodealias or ctAlias, the IP resolution will NOT be used.

For setup of nodealias on XOS switches se 
How to configure nodealias on an XOS, Summit switch for better NAC / Control IP resolution

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255