LSNAT and NAC Config
‎02-15-2016 07:46 PM
There used to be a discussion on the hub about LSNAT and NAC but I can't find it. I am attempting to set up LSNAT to load balance between our 4 NAC appliances with 9,000 end systems. Anyway, if nothing is available, once I get a working config, I will post it so it can help others set this up.
3 REPLIES
‎02-16-2016 02:19 PM
Hi Jeremy
We've played around with this and implemented the config below, which worked for us.
probe ping icmp
 description "check server availability"
 inservice
 exit
!
ip slb real-server access unrestricted
!
ip slb serverfarm "name"
 real x.x.x.x port 1812
  faildetect probe one ping
  inservice
  exit
 real x.x.x.xx port 1812
  faildetect probe one ping
  inservice
  exit
 exit
!
ip slb vserver "name"
 virtual y.y.y.y udp 1812
 serverfarm "name"
 udp-one-shot
 inservice
 exit
!
!
Let me know how it works out.
Regards,
Francois
‎02-16-2016 01:19 AM
I have had that setup before, works well. I was going to try to use LSNAT because I wanted to LB our AD servers also, and I want to use NAC as a test. Basically, we have had several DC outages and it takes a little while for NAC to try another AD server for authentication. So LSNAT would take care of that and also spread the load out over our AD infrastructure so all auths aren't hitting our primary AD DC. I am about to turn 802.1x on everywhere, so LDAP auths are about to go way, way up. Just want to make sure everything is evenly distributed and failures are transparent to users before we flip the 802.1x switch on all wired ports. Otherwise, 802.1x in my testing is working flawlessly.
‎02-16-2016 12:48 AM
