This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LSNAT and NAC Config

LSNAT and NAC Config

Jeremy_Gibbs
Contributor

‎02-15-2016 07:46 PM

There use to be a discussion on the hub about LSNAT and NAC but I can't find it. I am attempting to setup LSNAT to load balance between our 4 NAC appliances with 9,000 end systems. Anyway, if nothing is available, once I get a working config, I will post it so it can help others set this up.

0 Kudos
3 REPLIES 3

Francois_Scheun
New Contributor III

‎02-16-2016 02:19 PM

Hi Jeremy

We've played around with this and implemented below which worked for us.

probe ping icmp
description "check server availability"
inservice
exit
!
ip slb real-server access unrestricted
!
ip slb serverfarm "name"
real x.x.x.x port 1812
faildetect probe one ping
inservice
exit
real x.x.x.xx port 1812
faildetect probe one ping
inservice
exit
exit
!
ip slb vserver "name"
virtual y.y.y.y udp 1812
serverfarm "name"
udp-one-shot
inservice
exit
!
!

Let me know how it works out.

Regards,
Francois
0 Kudos

Jeremy_Gibbs
Contributor

‎02-16-2016 01:19 AM

I have had that setup before, works well. I was going to try to use LSNAT because I wanted to LB our AD servers also, and I want to use NAC as a test. Basically, we have had several DC outages and it takes a little while for NAC to try another AD server for authentication. So LSNAT would take care of that and also spread the load out over our AD infrastructure so all auths aren't hitting our primary AD DC. I am about to turn 802.1x on everywhere, so LDAP auths are about to go way, way up. Just want to make sure everything is evenly distributed and failures are transparent to users before we flip the 802.1x switch on all wired ports. Otherwise, 802.1x in my testing is working flawlessly.
0 Kudos

TylerMarcotte
Extreme Employee

‎02-16-2016 12:48 AM

Jeremy,

You can actually set up RADIUS load balancing right on the EXOS or EOS switch as well. It can also be configured through NAC Manager in the Configuration tab. See attached picture. There is also a section in the NAC User Guide that covers configuring Load Balancing.

Tyler




0 Kudos
GTM-P2G8KFN