Re: How IP to MAC Mapping is done in NAC Profiler??
Profiler strives to tie all IP-learned information back to a primary MAC-based model of each endpoint.
It utilizes several mechanisms to maintain IP-to-MAC mapping (in order of precedence, highest to lowest): - Observing DHCPAck from the DHCP Server to an endpoint (NetWatch sees complete DHCP transaction for the endpoint); - Observing a complete ARP for an endpoint (NetWatch); - ARP cache information from a network device (L3) gathered by NetMap;
Seeing either a complete DHCP or ARP transaction allows Profiler to retain all profiling data for an endpoint—all IP-learned data tagged with endpoint MAC. Please note that Endpoint can change IP and Profiler will retain all profiling data. Basis for recommendation to deliver SPAN of the VLAN where the DHCP service resides to a NetWatch monitor port of a Collector whenever possible.
Any IP-MAC binding, will cause a shift from modelIP() to modelMAC(). One of the first things that modelMAC() will do is to clear the IP-only model if one exists—which effectively unifies the endpoint model to a single, MAC-based model of the endpoint.
If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...