Extreme Networks

DrankThePurpleS · ‎10-05-2020

Deploying XMC, Analytics, EAC, all at same time, essentially. Place did have a radius server in place yet. I thought, maybe I’m wrong, or previous version, XMC/NAC can be set as radius server. Trying to keep things has simple as possible for staff to manage, and just get some detection going in NAC.

Firmware is 8.4.2.38 across all three virtual appliances. Is enable eth1 in NAC best practice? Thanks for any guidance on my first question.

(random, badges here don’t pull from Dojo?)

Ovais_Qayyum · ‎10-05-2020

Hi,

You can use NAC as a Radius server. Please check out the following article:

https://community.extremenetworks.com/aaa-radius-230508/how-to-configure-nac-as-radius-to-authorize-...

Regards,

Ovais

View solution in original post

Ovais_Qayyum · ‎10-06-2020

I found some useful NAC and XMC How to configuration videos that one of our SEs recorded while rebuilding his lab. This should help you add switches and enable MAC auth on the switches for endpoints, for endpoint visibility you only need MAC auth which is handled by the NAC itself, you won’t need to integrate NAC with the AD at this stage.

You would need Radius configuration on the NAC for 802.1x authentication. As far as I understand your case, you need to setup NAC for 802.1X LDAP Authentication (NAC as Radius would perform auth. using AD)

Its a series of short videos and pretty much starts from the installation of XMC to all the way enabling authentication, analytics, etc. Here is the link:

https://www.youtube.com/playlist?list=PLSDFZrhuKRrgc34oJT3si-so4wa-kFMJx

<<Credit: Branden Henner>>

Let me know how it goes.

Regards,

Ovais

DrankThePurpleS · ‎10-05-2020

For now, just passive device detection. Ultimately will pass via LDAP.

This is being deployed in a 4k device environment, that had very little security/management. Using EAC as Radius was the plan for now, and only wired. CloudIQ Pilot will ultimately be deployed for wireless.

I just want to get the switches in the end systems to start, that can’t even happen. Ha. The ACL slices are full, the access edge is mostly v400’s, so extended control bridges are doing too much already on some ancient fiber. I’m popping in 450g2’s 590’s where budget allows. Normally this is the easy part, now the hard part will be beyond easy, once that easy, now hard part is done. Yes these budget restrictions imposed on whoever set this up is driving me mad.

Ovais_Qayyum · ‎10-05-2020

Apart from the help pages, there are not many documents out there based on the new HTML UI.

1- What is the user authentication scenario? you wanna use NAC as Radius Proxy (sending incoming auth. request to the AD)

2- Or you want NAC to be the Radius as well as the user database?

3- wired or wireless or a combination of both?

these questions will help guide you in the right direction, Meanwhile, I am checking if we have any documents that are based on new HTML UI. Please do check the help section, It provides pretty good examples.

Regards,

Ovais

DrankThePurpleS · ‎10-05-2020

Thanks!! Thought so, but still can’t see if I have to do anything in this version, java being phased on. Transfer of knowledge will be solely web based. Appreciate the help!

Ovais_Qayyum · ‎10-05-2020

Hi,

You can use NAC as a Radius server. Please check out the following article:

https://community.extremenetworks.com/aaa-radius-230508/how-to-configure-nac-as-radius-to-authorize-...

Regards,

Ovais

Extreme Networks

Can I use XMC/Control as Radius

Can I use XMC/Control as Radius