
Connected wireless clients are not shown in NAC's End-Systems




Userlevel 4
> The easiest way is to enable diagnostic. Go to web page of NAC, port 8443. The creds please check via old java app. Then go to diagnostic, enable things related to radius. The output check at /var/log/radius/radius.log. I am sure the problem will be obvious from there.

Didn't get any emails. Could you please copy it to iliyasemenov@mail.ru?

The previous post was a bit emotional, excuse me.
Userlevel 5
You should be getting email by now. Let me know if not.
Userlevel 7
For what kind of users is that WLAN service ?
If they are in the internal AD I'd assume they are staff.
In that case why not just use PEAP/NAC instead of the NAC portal.
Userlevel 4
Ron, are you kidding?

The main goal is to sell NAC.

Now the customer has a beautiful web page on Fortigate, where users input their AD credentials. It is impossible to create it on V2110. IMPOSSIBLE.
Userlevel 7
Nope no joke....

My question is whether this additional step is needed.
I also use NAC to authenticate my internal/staff clients but why via a portal if username/password authentication is built into the client = 802.1X PEAP via NAC/LDAP.

I'd understand if you'd like to authenticate older devices that sometimes don't support PEAP and then choose a portal or for guest portal access but not if the clients support PEAP and they are internal/staff = in the AD.

I.e. my rule....


Only a user with 802.1X auth, in the AD group WLAN, in the MAC list Ron, on the SSID Secure Access is able to get this Policy/Role and is able to connect.

The use of 802.1X also makes sure that the connection AP<->Client is encrypted.

Could be that I don't understand the design requirement - that was the reason for my question.
Userlevel 4
Ron, I am not following you...

What additional step are you talking about?

University students and staff have to input their credentials manually on the NAC portal by hand, SSO is not needed. They have to see the portal interface and the links on it.

The sense of your rule is not clear to me; I am just making my first steps with NAC.

Thank you...
Userlevel 7
I'd like to be honest with you.... I don't think that someone is able to configure NAC successfully without attending the official training first.

The system is far too comprehensive to know how/where to configure the different parameters/options.
The system could do A LOT but you'd need to be trained to know how and that is IMHO nothing that you'd learn in a forum post.

Back in 2014 I took the training and it was 4 weeks (NAC, Policy Manager, BYOD, Netsight) and even after that it took me some playing around in my lab to get a better understanding of how everything works (now it's only two weeks = XMC, NAC).

So my best advice is to attend the training or pay someone to do the installation for you and use that as hands-on training to learn about the system.
Userlevel 4
There is no training and there are no experts in NAC in Russia. I am an engineer at a partner company, not a customer. I am totally broken. Now the appliance is amber in the console, but green in XMC. Nothing works. Vicious circle.
Userlevel 6
Ilya: what encryption is your Wifi network using? Is changing it to WPA2-Enterprise not an option?
