https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47805#M6700 I have had that setup before, works well. I was going to try to use LSNAT because I wanted to LB our AD servers also, and I want to use NAC as a test. Basically, we have had several DC outages and it takes a little while for NAC to try another AD server for authentication. So LSNAT would take care of that and also spread the load out over our AD infrastructure so all auths aren't hitting our primary AD DC. I am about to turn 802.1x on everywhere, so LDAP auths are about to go way, way up. Just want to make sure everything is evenly distributed and failures are transparent to users before we flip the 802.1x switch on all wired ports. Otherwise, 802.1x in my testing is working flawlessly. Tue, 16 Feb 2016 09:19:00 GMT Jeremy_Gibbs 2016-02-16T09:19:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47803#M6698 There use to be a discussion on the hub about LSNAT and NAC but I can't find it. I am attempting to setup LSNAT to load balance between our 4 NAC appliances with 9,000 end systems. Anyway, if nothing is available, once I get a working config, I will post it so it can help others set this up.<BR /> <BR /> Tue, 16 Feb 2016 03:46:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47803#M6698 Jeremy_Gibbs 2016-02-16T03:46:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47804#M6699 Jeremy,<BR /> <BR /> You can actually set up RADIUS load balancing right on the EXOS or EOS switch as well. It can also be configured through NAC Manager in the Configuration tab. See attached picture. There is also a section in the NAC User Guide that covers configuring Load Balancing.<BR /> <BR /> Tyler<BR /> <BR /> <P class="fancybox-image"><A href="https://d1uyvls174j03l.cloudfront.net/extremenetworks-us/attachment/RackMultipart20160216-65251-e1btuq-Screen_Shot_2016-02-15_at_8.42.45_PM_inline.png" rel="image" class="fancybox"><IMG src="https://d1uyvls174j03l.cloudfront.net/extremenetworks-us/attachment/RackMultipart20160216-65251-e1btuq-Screen_Shot_2016-02-15_at_8.42.45_PM_inline.png" /></A></P><BR /> <BR /> <P class="fancybox-image"><A href="https://d1uyvls174j03l.cloudfront.net/extremenetworks-us/attachment/RackMultipart20160216-119519-14a41sm-Screen_Shot_2016-02-15_at_8.42.52_PM_inline.png" rel="image" class="fancybox"><IMG src="https://d1uyvls174j03l.cloudfront.net/extremenetworks-us/attachment/RackMultipart20160216-119519-14a41sm-Screen_Shot_2016-02-15_at_8.42.52_PM_inline.png" /></A></P><BR /> Tue, 16 Feb 2016 08:48:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47804#M6699 TylerMarcotte 2016-02-16T08:48:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47805#M6700 I have had that setup before, works well. I was going to try to use LSNAT because I wanted to LB our AD servers also, and I want to use NAC as a test. Basically, we have had several DC outages and it takes a little while for NAC to try another AD server for authentication. So LSNAT would take care of that and also spread the load out over our AD infrastructure so all auths aren't hitting our primary AD DC. I am about to turn 802.1x on everywhere, so LDAP auths are about to go way, way up. Just want to make sure everything is evenly distributed and failures are transparent to users before we flip the 802.1x switch on all wired ports. Otherwise, 802.1x in my testing is working flawlessly. Tue, 16 Feb 2016 09:19:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47805#M6700 Jeremy_Gibbs 2016-02-16T09:19:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47806#M6701 Hi Jeremy<BR /> <BR /> We've played around with this and implemented below which worked for us. <BR /> <BR /> probe ping icmp<BR /> description "check server availability"<BR /> inservice<BR /> exit<BR /> !<BR /> ip slb real-server access unrestricted<BR /> !<BR /> ip slb serverfarm "name"<BR /> real x.x.x.x port 1812<BR /> faildetect probe one ping<BR /> inservice <BR /> exit<BR /> real x.x.x.xx port 1812<BR /> faildetect probe one ping<BR /> inservice <BR /> exit<BR /> exit<BR /> !<BR /> ip slb vserver "name"<BR /> virtual y.y.y.y udp 1812<BR /> serverfarm "name"<BR /> udp-one-shot <BR /> inservice <BR /> exit<BR /> !<BR /> !<BR /> <BR /> Let me know how it works out. <BR /> <BR /> Regards,<BR /> Francois<BR /> Tue, 16 Feb 2016 22:19:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/lsnat-and-nac-config/m-p/47806#M6701 Francois_Scheun 2016-02-16T22:19:00Z