Header Only - DO NOT REMOVE - Extreme Networks

NAC Feature "RADIUS Clients to Monitor NAC"

  • 18 November 2016
  • 7 replies
  • 379 views

Userlevel 6
During playing around (for another huge installation) in my lab NAC, i stumble over the above feature!

RADIUS Clients to Monitor NAC ??

Are there any use cases or configuration examples? Current Online Help, NAC Manuals are not helpful.

What is the difference between using "RADIUS Clients to Monitor NAC" or to configure a out-of-band system (like nagios) in standard "switch section" as regular RADIUS client to test RADIUS requests?

replys are welcome.

7 replies

Userlevel 7
Hello Matthias,

as I understand this feature, it can be used to monitor NAC using e.g. Nagios/Icinga (or Spectrum or ...) with a special account that is valid for monitoring only. This account does not allow network access. This is more secure than using a real user account for monitoring.

Erik
Userlevel 6
Hello Matthias,

Please see the following help section description for the service:

Any authentication request coming from an IP address that matches the list of RADIUS monitor clients will be authenticated using the password you provided in the AAA mapping. In these cases, the username does not matter. The password configured will not be able to be used for authentication from any other part of the network. The Access Control engine responds back with a basic accept to any RADIUS monitor client’s RADIUS request.

Thanks
-Ryan
Userlevel 6
As well, it saves using one of your licensed switches for the monitoring host. I've just moved my monitoring script over to this method, and the other thing I noticed is it doesn't create an end-system (as I was using a fake MAC address).

When was this feature added, 7.0? It's not in the release notes at all.
Userlevel 6
Hi James,

this makes sense and explained why the netsight programmer adding this GUI option.

This feature was added in Netsight 6.2:
Ability to configure RADIUS monitoring tools to monitor NAC appliance performance and availability.


Regards
Userlevel 6
I though a little deeper to use this feature on some customer installations ...

i will try to use not just a password for authentication but rather a user account which resides in the backend Active Directory, so with this i can check the whole Authentication process within NAC backend connectivity.
(i hope this will work)

Regards,
Matthias
Userlevel 1
I'd like to use this feature to monitor our NACs. What kind of scripts are you using? Are you utilizing your checks with Nagios/Icinga?

Regards,
Peter
Userlevel 6
I'd like to use this feature to monitor our NACs. What kind of scripts are you using? Are you utilizing your checks with Nagios/Icinga?

Regards,
Peter
I use this one https://exchange.nagios.org/directory/Plugins/*-Plugin-Development-Tools/check_freeradius-2Epl/detai... but there's plenty available
https://exchange.nagios.org/directory/Plugins/Network-Protocols/RADIUS

Reply