
load balancing on nac


Userlevel 1
Hi guys

I have enabled NAC load balancing. I am unsure how to check it is working. What I have done is added the address of the NAC appliances to the external load balancer config of the NAC group. According to the docs, I am supposed to get a VIP. Where am I supposed to see this? Also, if I do a show radius, the two NAC appliances are set as 1 and 2 and not random. Are the appliances not supposed to have the switches and end devices on them?

thanks

5 replies

Userlevel 7
Hi,

I am not really sure what setup you are using. As far as I know you configure a load balancer to provide a virtual IP (VIP) address, and then balance requests sent to that VIP across several NAC appliances.

If you are using S-Series switches you can use LSNAT, see e.g. "How To Configure LSNAT to Load Balance to Multiple NAC on S-Series", "S-Series and LSNAT are not Load Balancing", "What kind of persistence do I need to implement on a load balancer for the NAC to be load balanced?", and "Server Load Balancing (SLB) and Load Sharing Network Address Translation (LSNAT) Are Not Working" for additional info.

You would then configure only the VIP of the load balancer as RADIUS server on the switches.

Thanks,
Erik
Userlevel 1
Hi

I am using XOS. I was under the impression NAC appliances are joined together in a group and then their IPs are added to the external load balancer config section of the group config tab.

Regards
Userlevel 6
Hello,

When you enable the load balancing feature and provide an IP of the load balance IP address, what occurs is NAC assumes that there is an external load balancer at the IP address provided and on enforce attempts to write this IP address as the RADIUS server to all switches in the switches tab.

Every switch is then also written into every NAC's "clients.conf" file.

The NACs themselves do not perform any type of load balancing. As Erik has mentioned, typically the load balance IP provided in the NAC configuration is the VIP for the LSNAT configuration on the S series.

Thanks
-Ryan
Userlevel 1
Excellent. Thanks for the clarification guys.
We use LSNAT or "ip slb" on the S4 to do exactly what you are wanting to do.
