
Author Topic: dot1x and node tracking with dynamic vlans  (Read 257 times)

ntmark

dot1x and node tracking with dynamic vlans
« on: November 10, 2016, 11:52:07 PM »
We have dot1x enabled on the wired network with dynamic vlan assignment, but the ports are configured with a default vlan.
What I'm having problems with is node tracking/discovery, as the nodes will at some point get an IP on the default vlan, but when they boot up and are authenticated they get assigned a new vlan and get a new IP address.
When looking at a switch in NeDi and finding nodes in Node List, it is matching the nodes with the default vlan and showing that IP address, and not the one they currently have on their new assigned vlan.

Default vlan 10, IP 10.10.10.10
Dynamic vlan 15, IP 10.10.15.40
Nodes List shows 10.10.10.10 but the node has IP 10.10.15.40

Is there any way to get the correct IP to show up?

Also, when looking at the device -> status, it shows the configured vlanid on the switch port and not what it currently is forwarding as.
I'm not too fussed about this bit, but maybe there could be an option to show either the configured vlans on a port or the in-use ones, and possibly include voice vlans/native vlans in the future?

Thanks
Mark.

rickli

Re: dot1x and node tracking with dynamic vlans
« Reply #1 on: November 15, 2016, 12:55:53 PM »
Hi Mark

It all depends on what the switch reveals about the MAC. The Q-Bridge MIB is the best option for regular switches as it contains the vlanid in the OID:
1.3.6.1.2.1.17.7.1.2.2.1.2

The result looks like 1.3.6.1.2.1.17.7.1.2.2.1.2.Vlanid.MAC = Port

Unfortunately Cisco doesn't support this and resorts to some weird Community Vlan indexing. That's why I recommend using the CLI method, which does a "sh mac-address table".

If this information reflects the actual state, NeDi displays the correct vlan with the node.
BTW there's a template (look for the Vlan icon) in Nodes-List, showing PVID != Vlan nodes.

I'm working on tagged vlan support for all interfaces for NeDi 1.7...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo
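
The Q-Bridge index layout described in the reply above (`...Vlanid.MAC = Port`), decoded from numeric SNMP walk output and compared against each port's configured PVID. This is an added example, not part of the thread and not NeDi's own code; the walk lines, the PVID map and the function names are constructed for illustration.

```python
import re

# dot1qTpFdbPort, the OID quoted in the reply above
DOT1Q_TP_FDB_PORT = "1.3.6.1.2.1.17.7.1.2.2.1.2"

# Constructed sample of numeric walk output (`snmpwalk -On` style), not real data
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.7.1.2.2.1.2.15.0.17.34.51.68.85 = INTEGER: 7
.1.3.6.1.2.1.17.7.1.2.2.1.2.10.0.17.34.170.187.204 = INTEGER: 8
.1.3.6.1.2.1.17.7.1.2.2.1.2.20.0.80.86.1.2.3 = INTEGER: 0
garbage line
"""

# Constructed: configured (default) PVID per bridge port, e.g. from switch config
SAMPLE_PVID = {7: 10, 8: 10}

LINE_RE = re.compile(r"^\.?([0-9.]+)\s*=\s*INTEGER:\s*(\d+)\s*$")


def parse_fdb(walk_text):
    """Return [{'vlan', 'mac', 'port'}] decoded from dot1qTpFdbPort rows."""
    prefix = DOT1Q_TP_FDB_PORT + "."
    entries = []
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group(1).startswith(prefix):
            continue  # not a dot1qTpFdbPort row
        index = m.group(1)[len(prefix):].split(".")
        if len(index) != 7:  # one vlan/FDB id sub-identifier + 6 MAC octets
            continue
        octets = [int(o) for o in index[1:]]
        port = int(m.group(2))
        # Port 0 means the address is known but no port has been learned
        if port == 0 or any(o > 255 for o in octets):
            continue
        mac = ":".join(f"{o:02x}" for o in octets)
        # First sub-identifier is the FDB id; treated as the vlan id, as in the reply
        entries.append({"vlan": int(index[0]), "mac": mac, "port": port})
    return entries


def pvid_mismatches(entries, pvid_by_port):
    """Nodes forwarding in a vlan other than the port's configured PVID."""
    return [e for e in entries
            if pvid_by_port.get(e["port"]) not in (None, e["vlan"])]
```

Here the node on port 7 is learned in vlan 15 while the port's PVID is 10, which is the dynamically assigned case from the question. The value returned by the MIB is a bridge port number, so mapping it to an interface name needs a further lookup on a real switch.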