In some cases, such as when the DHCP server is in a separate VLAN than the span/mirror port, the mirrored port traffic is 802.1q tagged. In this case, in order for Novell ZENworks Network Access Control to recognize the traffic, the following workaround must be performed.
Set up the virtual interface:
Log in to each ES that is monitoring a port using SSH or directly with a keyboard.
Enter the following command at the command line:
cd /etc/sysconfig/network-scripts
For 802.1X mode:
Enter the following at the command line:
cp ifcfg-eth1 ifcfg-eth1.1
Open the ifcfg-eth1.1 file with a text editor such as vi.
Change the following line:
DEVICE=eth1
To:
DEVICE=eth1.1
For DHCP mode:
Enter the following at the command line:
cp ifcfg-eth0 ifcfg-eth0.1
Open the ifcfg-eth0.1 file with a text editor such as vi.
Change the following line:
DEVICE=eth0
To:
DEVICE=eth0.1
Append the following line to the bottom of the file:
VLAN=yes
Modify the IPADDR line if needed.
Save and exit the file.
Restart the network interface by entering the following at the command line:
service network restart
Change the interface the EDAC listens on:
Log in to the MS using SSH or directly with a keyboard.
For 802.1X mode, enter the following command at the command line:
setProperty.py -c <cluster name> Compliance.ObjectManager.NACModeTcpdumpInterface=eth1:1
For DHCP mode, enter the following command at the command line:
setProperty.py –c <cluster name> Compliance.ObjectManager.DDHCPModeDHCPInterface=eth1:1
Verify the change:
Log in to each ES using SSH or directly with a keyboard.
Enter the following command at the command line:
ifconfig
Verify that the virtual interface you created is listed.
Open the following file:
/var/log/nac/nac-es.log
Verify that the EDAC is using the virtual interface you created. The log should contain a line similar to the following:
[070509-MDT 10:53:11.366 DeviceActivityCapture-INFO ] Listening on: eth1:1