https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121405#M3693 <P class=""><SPAN>Hi,</SPAN></P><P class=""><SPAN>I have a customer with an existing WLAN based on AP505i access points and an E1120 controller. This year, we are planning to expand the WLAN with Wi-Fi 7 access points managed through Extreme Platform ONE.</SPAN></P><P class=""><SPAN>We understand that the AP505i cannot be managed from the cloud, so the customer would eventually have two separate management environments: cloud management for the Wi-Fi 7 APs, and on-premises management for the Wi-Fi 6 APs. This scenario has already been accepted by the customer.</SPAN></P><P class=""><SPAN>Our main question is about WLAN NAC deployment.</SPAN></P><P class=""><SPAN>We are evaluating Extreme Platform ONE Security with the Security Tier license, but we are not sure how this would work in a mixed environment where part of the WLAN is managed on-premises and part from the cloud.</SPAN></P><P class=""><SPAN>We assume Platform ONE Security should work well for the Wi-Fi 7 network, but what would happen with the Wi-Fi 6 network that is still running with the on-premises controller?</SPAN></P><P class=""><SPAN>Would we need a RADIUS proxy to support NAC authentication for the controller-managed WLAN? Also, is it possible to integrate the cloud-based NAC directly with the controller, without using a RADIUS proxy?</SPAN></P><P><SPAN>Any guidance or best practices for this type of mixed deployment would be appreciated.</SPAN></P> Wed, 25 Mar 2026 20:25:46 GMT rortega 2026-03-25T20:25:46Z https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121405#M3693 <P class=""><SPAN>Hi,</SPAN></P><P class=""><SPAN>I have a customer with an existing WLAN based on AP505i access points and an E1120 controller. This year, we are planning to expand the WLAN with Wi-Fi 7 access points managed through Extreme Platform ONE.</SPAN></P><P class=""><SPAN>We understand that the AP505i cannot be managed from the cloud, so the customer would eventually have two separate management environments: cloud management for the Wi-Fi 7 APs, and on-premises management for the Wi-Fi 6 APs. This scenario has already been accepted by the customer.</SPAN></P><P class=""><SPAN>Our main question is about WLAN NAC deployment.</SPAN></P><P class=""><SPAN>We are evaluating Extreme Platform ONE Security with the Security Tier license, but we are not sure how this would work in a mixed environment where part of the WLAN is managed on-premises and part from the cloud.</SPAN></P><P class=""><SPAN>We assume Platform ONE Security should work well for the Wi-Fi 7 network, but what would happen with the Wi-Fi 6 network that is still running with the on-premises controller?</SPAN></P><P class=""><SPAN>Would we need a RADIUS proxy to support NAC authentication for the controller-managed WLAN? Also, is it possible to integrate the cloud-based NAC directly with the controller, without using a RADIUS proxy?</SPAN></P><P><SPAN>Any guidance or best practices for this type of mixed deployment would be appreciated.</SPAN></P> Wed, 25 Mar 2026 20:25:46 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121405#M3693 rortega 2026-03-25T20:25:46Z https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121406#M3694 <P>Hi Rortega,</P><P>As far as I remember, EP1 Security doesn't have native integration with XIQ-C.<BR />Depending on the number of APs involved, the most suitable approach would be to control everything through XIQ-C, using the internal NAC.<BR />If you still want to keep XIQ and XIQ-C, there's the possibility of treating XIQ-C as a third-party solution in ZTNA (EP1 Security), but using XIQ-SE + NAC should certainly be simpler at this point as it's a more mature solution.</P><P>Regardless, and now talking about hardware, it's not good to mix the deployment of APs in the same coverage areas, as newer clients (WiFi 7) will prefer to connect to the new APs rather than the 505i.</P><P>The latest version of XIQ-C already supports the AP5020 and AP5022, and will soon also support PPSK.<BR /><BR /><SPAN>I hope this helps.</SPAN><BR /><BR />Raúl Carbonari</P> Wed, 25 Mar 2026 22:06:35 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121406#M3694 Raul_Carbonari 2026-03-25T22:06:35Z https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121407#M3695 <P>Hi rortega,</P><P>I’ve just reviewed the hardware, and the E113O reaches End-of-Software-Maintenance (EOSM) on 4/15/2026, while the AP505i reaches EOSM on 1/15/2027.</P><P>Replacing them might be the better path if the client isn't overly concerned about the budget. Given that the 505i are WiFi 6 and everything is moving toward WiFi 7, a complete refresh makes sense, assuming most of their devices are WiFi 7-ready.</P><P>Raúl Carbonari</P> Wed, 25 Mar 2026 22:22:55 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121407#M3695 Raul_Carbonari 2026-03-25T22:22:55Z https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121411#M3696 <P>Hi Raúl,</P><P>Thank you again for the clarification.</P><P>Based on your comment about the possibility of treating XIQ-C as a third-party solution in EP1 Security, I would like to clarify one more point:</P><P>If we go in that direction, should we consider deploying a RADIUS Proxy in order to establish communication between XIQ-C and EP1 Security, or is it possible to integrate them directly without the proxy?</P><P>I would appreciate any guidance on whether this type of integration is supported, and if so, what the recommended approach would be.</P><P>Thanks again.</P> Thu, 26 Mar 2026 19:12:14 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121411#M3696 rortega 2026-03-26T19:12:14Z https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121412#M3697 <P><SPAN class=""><SPAN class="">Hi,<BR />Unfortunately, I haven't implemented ZTNA yet, and I don't have all the details, but the XIQ-C has RADSEC support, so I imagine it's eventually possible to connect directly.</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">The proxy solution is for cases where the device doesn't have that capability.</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I took a look at the documentation, but there's nothing specific about the XIQ-C. Perhaps it's necessary to contact SE or open a case with GTAC.</SPAN></SPAN><SPAN class=""><SPAN class=""> <A href="https://documentation.extremenetworks.com/Extreme%20Platform%20ONE%20Security%20v25.5.0%20User%20Guide/downloads/Extreme_Platform_ONE_Security_25_5_0_User_Guide.pdf" target="_blank" rel="noopener">https://documentation.extremenetworks.com/Extreme%20Platform%20ONE%20Security%20v25.5.0%20User%20Guide/downloads/Extreme_Platform_ONE_Security_25_5_0_User_Guide.pdf </A></SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Regards, </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Raúl Carbonari</SPAN></SPAN></P> Thu, 26 Mar 2026 20:25:33 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-using-extreme-platform-one-security-and-e1120-controller/m-p/121412#M3697 Raul_Carbonari 2026-03-26T20:25:33Z