Header Only - DO NOT REMOVE - Extreme Networks

NAC Gateway: Is it possible to bind RADIUS daemon to a second interface / nic ?


Userlevel 6
Is it possible to bind the RADIUS daemon on NAC Gateway on two interfaces simultaniously ? We need this during a network migration period.

NAC Gateway have IP A (eth0)- where Management, Netsight Communication and RADIUS is running currently. Additionally we want having IP B (eth1) within a different IP Subnet. So we can move our switches (which have configured mac Auth) from the old network to the new network.

Is that possible ? The GUI seems to support that ! Did any try this before ?
Any side effects that have to be considered ?

6 replies

Userlevel 2
The secondary ethernet interface of a NAC Gateway is not designed for communitcation, it is only designed for some traced or mirrored traffic.

Would'nt it be much easier if you add a routing interface or physical router between those two networks?

It is not neccessary to be in the same subnet or vlan for authentication (NAC GW) or management (Netsight).
Userlevel 6
This can only be done on one interface at a time.
I would recommend bringing up a second NAC.
If it's temporary, you can run a virtual one with an eval for a number of days to complete your project.
Userlevel 6
Hi Mike,

why are you so certain that it will not work ?! Can you tell me why ?
The GUI allow to configure this configuration!

But i try to do this with a netsight server years before and it does not work also.

Regards
Userlevel 4
Hello,

The AAA Services, if checked off in eth0 should be grayed out in eth1 and vice versa. The UI only allow you to set AAA on one interface. We are using 6.3.0.174, the latest.
Userlevel 6
Hi Scott,

if we have a look at the GUI - i would say RADIUS Communication relay on the "Device" Service (because description tell me NAS / Switch Communication).But this is not grayed out.

Userlevel 4
Its looks like we misunderstood you as we thought you were referring to AAA. So yes, the UI shows Device under both interfaces as not grayed out. However, we have not tested this in GTAC. If you test this and encounter any issues or questions please create a case with GTAC. Thank you.

Reply