ExtremeCloud Feature running ?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered

does anybody of you has a runing ExtremeCloud Environment with MAC-based authentication MBA ? and how did you realized it ?

We spent today several hours to make a Server 2012 NPS Service acting as a radius Server for this Feature ... but it didn ́t work.

I know that in past were a lot of Problems using MS as a radius Server but until i test additional hours i want to ask here if anybody has a running solution, and what did he use as a radius server.

We tested it with our demo lab and a new 3912 AP but no matter which NPS Rules you have, the Client was authtentificated and could Login .. (that should only work if there is a AD User with username=mac address of the Client) ... I ́m now in the evening on my private lab and will test it with an AP3935.

Formerly we had similar Problems and spent hours to get the Knowledge that the AP3912 will not work with the Layer 7 APP Filtering .. and now it Looks like that this AP already disregard the MBA Setting into Definition of the wlan Network...

I ́m very diappointed about the Extrem Cloud Solution .. compared with the WLAN Controller Solution from Extreme / Enterasys it ́s like handycraft.

Photo of info@systemhaus-genthin.de

Posted 2 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
What do you see in the NPS log regarding the authentication.

The below example isn't from a MBA WLAN service but you should take a look which
- Connection Request policy
- Network Policy
was used to grant access to the client and then check again if either of them have a allow full access rule that bypass/ignore the AD database.

Photo of Thomas Borrel

Thomas Borrel, Employee

  • 480 Points 250 badge 2x thumb
Thank you for bringing this to our attention. ExtremeCloud will support the AP3912i in our next release, currently scheduled for the end of this month (February). Let's connect offline as this is most likely why you are having issues with application filters and MBA on this AP model.

I tried to contact you when you initially notified us of the issue with application filters, but it appears the email may not have gotten to you. Please let me know how to best connect with you.

I made yesterday some Tests with an AP3935 and there i got some Response into the nps Event Viewer on Server 2012. I did not get a positive authentification until now but this could be a Problem of my NPS Config.
i used this Forum entry :
https://community.aerohive.com/aerohive/topics/troubleshooting-nps-for-basic-mac-authentication

and tried to configure a Network on the ExtremeCloud with Basic MBA.. but i get everythime a error

6273 Code 16 into the Event Viewer of Windows NPS.
That ́s why i made the question to all of the guys into this Forum ... if anybody has already get a running configuration for MBA with ExtremeCloud ?
I expected a Reply from Extreme , that a technican can confirm to me .. "yes we tested MBA .. we used Radius Server XYZ with this configuration"
I alredy spent a lot of time finding the AP3912 is not working with Layer 7 Filtering .. now it Looks like that this model is ignoring MBA too ....

it seems that the MBA Feture is not working over all !!!
I have made a test with a AP3935 and simple Free Radius on Windows Implementaion .
Everytime the Client gets authentificated ... also if the radius log says " Login incorrect" The AP does not note the Feedback from Radius Server in any cicumstances.
The MBA Role is set to deny all and the Default role is set to allow all...  I expect that the AP is blocking an Client when the radius Server reject an auth .. but he don ́t.