NAC Gateway: Is it possible to bind RADIUS daemon to a second interface / NIC?

  • Question
  • Updated 2 years ago
  • Answered
Is it possible to bind the RADIUS daemon on NAC Gateway on two interfaces simultaneously? We need this during a network migration period.

The NAC Gateway has IP A (eth0), where Management, Netsight Communication and RADIUS are currently running. Additionally, we want to have IP B (eth1) within a different IP subnet, so we can move our switches (which have MAC auth configured) from the old network to the new network.

Is that possible? The GUI seems to support that! Did anyone try this before?
Any side effects that have to be considered?

M.Nees, Embassador


Posted 2 years ago


Rainer Adam

The secondary Ethernet interface of a NAC Gateway is not designed for communication; it is only designed for some traced or mirrored traffic.

Wouldn't it be much easier if you add a routing interface or physical router between those two networks?

It is not necessary to be in the same subnet or VLAN for authentication (NAC GW) or management (Netsight).

Mike Thomas, Employee - GTAC - NMS

This can only be done on one interface at a time.
I would recommend bringing up a second NAC.
If it's temporary, you can run a virtual one with an eval for a number of days to complete your project.

M.Nees, Embassador

Hi Mike,

Why are you so certain that it will not work?! Can you tell me why?
The GUI allows configuring this configuration!

But I tried to do this with a Netsight server years ago and it did not work either.

Regards

Keene, Scott, Employee NMS/GTAC

Hello,

The AAA Services, if checked off in eth0, should be grayed out in eth1 and vice versa. The UI only allows you to set AAA on one interface. We are using 6.3.0.174, the latest.

M.Nees, Embassador

Hi Scott,

If we have a look at the GUI, I would say RADIUS communication relies on the "Device" service (because the description tells me NAS / Switch Communication). But this is not grayed out.


Keene, Scott, Employee NMS/GTAC

It looks like we misunderstood you, as we thought you were referring to AAA. So yes, the UI shows Device under both interfaces as not grayed out. However, we have not tested this in GTAC. If you test this and encounter any issues or questions, please create a case with GTAC. Thank you.