We want to deploy an 802.1x wifi and a guest network on APs which are controlled by an ECA HA pair.
Two NACs will handle 802.1x authentication for the 802.1x wifi. In "NAC Manager" we have an appliance group with those two NACs, and in the "switches" tab both ECAs are configured as switches with both NACs as primary and secondary engine, and the ECAs are using a RADIUS passthrough rule. As a result, authentication requests from those ECAs are processed by both NACs. This works so far.
Now we want to deploy a GIM guest network with an external captive portal (from the ECAs' point of view) on a third, dedicated NAC (Guest-NAC). Since guest users will have to communicate with this NAC (to see the login portal), this NAC needs a second user registration interface with an IP address reachable from user networks.
The ExtremeCloud Appliance Deployment Guide, section "Deploying XMC as External Captive Portal", describes the use of a NAC as portal provider. There you have to add the switch (our ECAs) to the Guest-NAC. But if I do this, the ECAs will be removed from the 802.1x appliance group?
Can't I add a switch (ECA) to more than two NAC-Engines?
Best answer by Rodney Lacroix
Set the default policy for the XCA network to Unregistered.
The end systems will authenticate to the engine, show up in the End Systems table of XMC, and should continue through the authorization/reauthentication processes on XCA. However, just keep in mind that in doing this, XMC/NAC will not provide policy or any other authentication processes to the XCA end systems.