NAC Feature "RADIUS Clients to Monitor NAC"

  • Question
  • Updated 2 years ago
  • Answered
While playing around (for another huge installation) in my lab NAC, I stumbled over the above feature!

RADIUS Clients to Monitor NAC ??

Are there any use cases or configuration examples? The current Online Help and NAC manuals are not helpful.

What is the difference between using "RADIUS Clients to Monitor NAC" and configuring an out-of-band system (like Nagios) in the standard "switch section" as a regular RADIUS client to test RADIUS requests?

Replies are welcome.

M.Nees, Embassador

Posted 2 years ago

Erik Auerswald, Embassador

Hello Matthias,

As I understand this feature, it can be used to monitor NAC using e.g. Nagios/Icinga (or Spectrum or ...) with a special account that is valid for monitoring only. This account does not allow network access. This is more secure than using a real user account for monitoring.

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

Hello Matthias, 

Please see the following help section description for the service:

Any authentication request coming from an IP address that matches the list of RADIUS monitor clients will be authenticated using the password you provided in the AAA mapping. In these cases, the username does not matter. The password configured will not be able to be used for authentication from any other part of the network. The Access Control engine responds back with a basic accept to any RADIUS monitor client’s RADIUS request.
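
A check that a RADIUS monitor client could run against the behaviour described in that help text, as an added example that is not part of the thread and not vendor code: it builds a PAP Access-Request per RFC 2865 and maps the reply to a Nagios-style state. The function names, the default user name `monitor` and port 1812 are assumptions; the shared secret and monitor password are whatever is configured on the NAC side.

```python
import hashlib
import hmac
import os
import socket
import struct

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding (PAP), 16-octet blocks."""
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user        # 1 = User-Name
    attrs += bytes([2, 2 + len(hidden)]) + hidden   # 2 = User-Password
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs, authenticator

def check_reply(reply, ident, request_auth, secret):
    """Verify the RFC 2865 Response Authenticator; return Nagios-style (state, message)."""
    if (len(reply) < 20 or reply[1] != ident
            or struct.unpack("!H", reply[2:4])[0] != len(reply)):
        return 2, "CRITICAL - malformed or mismatched reply"
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return 2, "CRITICAL - bad Response Authenticator (shared secret mismatch?)"
    if reply[0] != 2:  # 2 = Access-Accept
        return 2, f"CRITICAL - RADIUS code {reply[0]}"
    return 0, "OK - Access-Accept"

def probe(host, secret, password, user=b"monitor", port=1812, timeout=3.0):
    """Send one request; user name and port are assumed defaults, not from the thread."""
    ident = os.urandom(1)[0]
    packet, auth = build_access_request(ident, user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError as exc:  # timeout or unreachable host
            return 2, f"CRITICAL - no RADIUS reply: {exc}"
    return check_reply(reply, ident, auth, secret)
```

`probe()` returns the exit state and status line a Nagios/Icinga plugin would emit; a reply that fails the authenticator check is reported as CRITICAL even if it carries an accept code.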

James A, Embassador

As well, it saves using one of your licensed switches for the monitoring host. I've just moved my monitoring script over to this method, and the other thing I noticed is it doesn't create an end-system (as I was using a fake MAC address).

When was this feature added, 7.0? It's not in the release notes at all.
M.Nees, Embassador

Hi James,

This makes sense and explains why the Netsight programmer added this GUI option.

This feature was added in Netsight 6.2:
Ability to configure RADIUS monitoring tools to monitor NAC appliance performance and availability.

M.Nees, Embassador

I thought a little deeper about using this feature on some customer installations ...

I will try to use not just a password for authentication but rather a user account which resides in the backend Active Directory, so with this I can check the whole authentication process within NAC backend connectivity.
(I hope this will work)

Peter Chang

I'd like to use this feature to monitor our NACs. What kind of scripts are you using? Are you utilizing your checks with Nagios/Icinga?