Network Access Control

 View Only

  • 1.  No SNAC Agent response

    Posted May 06, 2013 07:44 AM

    hello

    I testing in my customer SNAC with Lanenforcer.

    When debug status from LANenforcer I see

    No SNAC Agent response for client and  host integrity is unanvailbe although it passes on endpoint logs.

    below result of debug.

    New inner challenge format, in PEAP body.
    May/06/2013 13:05:07.822  [  radproxy.c][ 6578]: Send PEAP Challenge to client CN\test(E8-39-35-55-10-29)[0000004a] via switch 10.1.60.19
    May/06/2013 13:05:07.826  [  radproxy.c][ 5242]: PEAP from client CN\test(E8-39-35-55-10-29)[0000004a], start packet eap id is 69, current eap packet id 69
    May/06/2013 13:05:07.826  [  radproxy.c][ 5257]: From client CN\test(E8-39-35-55-10-29)[0000004a], Payload=116, EAP Length=120, eaphdr=4, Reply=52
    May/06/2013 13:05:07.826  [  radproxy.c][ 5412]: No SNAC Agent response for client CN\test(E8-39-35-55-10-29)[0000004a] enfhdr=00000000
    May/06/2013 13:05:07.826  [  radproxy.c][ 5487]: Forward packet from client CN\test(E8-39-35-55-10-29)[0000004a] via switch 10.1.60.19 to RADIUS server 10.143.159.11
    May/06/2013 13:05:07.827  [  radproxy.c][ 6648]: Simple Forward PEAP to client CN\test(E8-39-35-55-10-29)[0000004a] via switch 10.1.60.19
    .

    .

    .

    .

    PEAP from client CN\test(E8-39-35-55-10-29)[0000004a], start packet eap id is 69, current eap packet id 79
    May/06/2013 13:05:08.208  [  radproxy.c][ 5487]: Forward packet from client CN\test(E8-39-35-55-10-29)[0000004a] via switch 10.1.60.19 to RADIUS server 10.143.159.11
    May/06/2013 13:05:08.210  [  radproxy.c][ 6935]: EAP Auth ACCEPT received from RADIUS 10.143.159.131 for client CN\test(E8-39-35-55-10-29)[0000004a].
    May/06/2013 13:05:08.210  [  radproxy.c][ 9185]: Client CN\test(E8-39-35-55-10-29)[0000004a], Status Received(HI:UNAVAILABLE, EAP:PASSED, PRO:UNAVAILABLE), UID

     



  • 2.  RE: No SNAC Agent response

    Posted May 07, 2013 06:09 AM

    What do the SNAC logs on the client itself say?  Also, have you checked the versions of the appliance/client/manager match?



  • 3.  RE: No SNAC Agent response

    Posted May 07, 2013 01:30 PM

    Hello

    When check log security on endpoint   Host Integrate Pass

    On client is 12.1 ru2 endpoint LanEnforcer update to the same version.



  • 4.  RE: No SNAC Agent response

    Posted Jun 04, 2013 06:36 PM

    Hi men.

    What kind configure you used for SNAC (full or transparent)??.

    http://www.symantec.com/business/support/index?page=content&id=TECH91193

    http://www.symantec.com/business/support/index?page=content&id=TECH91219

    Did you active the 802.1x authentication in the specific group?? (in this group you must have the client that you wish authenticated

    What is the global configuration to the Switch and what is the brand??

    Do you have Switch logs??

     

    Regards. XD