Question

Extreme Control | User Identity - End system

  • 29 May 2019
  • 3 replies
  • 292 views

Hello everybody,

I'm on the last step of deploying ExtremeControl solution, though I still have some issues :

The Extreme Control doesnt provide the IP adresse, Access type, health and the authorisation of my end system, but the mac adresse, the host name, device type and time of the day is already discovered. how can I solve it ?


Thank you sooo much for ur help,

3 replies

Userlevel 5
Hello Safaa,

For MAC-to-IP resolution you need some features to run on your network. Depending on your hardware, those can be:
  • EXOS/EOS - Nodealias,
  • EXOS or other routing instances - Bootprelay/DHCP Relay (with Extreme Access Control being a destination along with the real DHCP, EAC will do DHCP Snooping to learn the addresses),
  • EXOS - Identity Management (works the smoothest IMHO),
  • Generic - IPNetToMedia MIB table (ARP cache) on edge switch or more likely a gateway router (has to be in XMC),
  • RADIUS Accounting if Framed-IP-Address is supported from the authenticator device (switch/AP/controller) with EAC as a RADIUS Accounting target,
  • Static mappings.
I'd recommend DHCP Relay and IDM in first try.
Assuming you have EXOS devices, you can find details on configuration in EXOS User Guide and here:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configured-Identity-Management-for-XoS-in-NAC-Manager/
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Bootprelay

Health needs Assessment enabled and it's also licensed additionally. Do you have IA-PA-XX licenses or XMC evaluation license?

Could you please show the fingerprint screenshot with obfuscated sensitive data like username here?

Hope that helps,
Tomasz
Hello Tomasz,

Thank you for your detailled response, well I'm using an XOS summit X440, for the licence I have a netsight evaluation.

Here is the fingerprint of my end-system



Thank you again for your usefull help,
Safaa
Userlevel 5
Hi Safaa,

Regarding MAC-to-IP and Health I believe Zdenek (in similar thread) and I covered the topic fair enough for a sneak peek. Regarding Access Control - you have ERROR state of the authentication. You should try to see End-system events, see the possible error reason and troubleshoot. Have a look here as well: https://community.extremenetworks.com/extrememanagement-230297/802-1x-identity-what-is-it-7823134
Once you have 802.1X authentication working 100%, you should see the username.

Hope that helps,
Tomasz

Reply