02-18-2021 01:32 PM
Hello Community,
I am in the process of testing Extreme Control and am stuck.
Setup
All servers and clients are running on one ESXi server
EMC 192.168.1.1 (switch port 1)
ExtremeControl Engine 192.168.1.2 (I want to use the engine as radius)
Switch X440 G2 192.168.1.6
Windows 10 Client 192.168.1.100 (Switch Port 11)
Config Switch
#
# Module aaa configuration.
#
configure radius netlogin 1 server 192.168.1.2 1812 client-ip 192.168.1.6 vr VR-Default
configure radius 1 shared-secret encrypted "#$3YWys9K/gnkYTAtcnoc0j/sVILnGlBmsBojzhCKu5klcQGu850E="
configure radius mgmt-access primary server 192.168.1.2 1812 client-ip 192.168.1.6 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "#$q3McX2ey3ZY3eNTYPu8B/14NYPTeJEwEnbZyHR4QoVrwtq3T1a0="
configure radius netlogin primary server 192.168.1.2 1812 client-ip 192.168.1.6 vr VR-Default
configure radius netlogin primary shared-secret encrypted "#$+BrzjOm9EGeBUFdYfHDStLMDGl3Zq2uZ/iFgqbFmQjO49XwptwY="
enable radius
enable radius mgmt-access
enable radius netlogin
configure radius timeout 15
Config Engine
I left everything on default and only entered an IP subnet under IP Address Resolution: 192.168.1.0-192.168.1.254.
Config EMC
Switch added (can also be seen under Control/Access Control/Engines/Default/Switches)
Logs Switch
sh radius
- shows that it is connected
show log severity debug-data | include RADIUS
- does not show error messages
Logs Engine
/var/log/radius/radius.log
- not understandable for me; I have not found what I should change
I can still write all needed information in case I forgot something. I would be grateful for any help.
02-18-2021 02:24 PM
One further hint:
To check if authentications happen on your switch use:
show netlogin session
on your switch
02-19-2021 01:05 PM
Hello Deo,
Without DHCP, nodealias will help. Here are some useful hints:
https://extremeportal.force.com/ExtrArticleDetail?an=000082164&q=nac%20ip%20resolution%20nodealias
https://extremeportal.force.com/ExtrArticleDetail?an=000060345&q=nac%20ip%20resolution%20nodealias
https://extremeportal.force.com/ExtrArticleDetail?an=000077449&q=nac%20ip%20resolution%20nodealias
02-19-2021 12:53 PM
In the test environment I do not use DHCP.
I will try the latter.
A colleague said that it might be the ESXi environment. I'll have a look.
02-19-2021 11:13 AM
Does your client use DHCP? If yes, add a DHCP helper entry on your switch pointing to the NAC GW.
This way, the NAC receives all DHCP packets. In addition you can enable node alias on the ports, to improve the IP triggering of the NAC.
02-19-2021 11:01 AM
The client can authenticate itself. But at varying time intervals, "MAC to IP Resolution Failed" appears. To me it looks like a timer value is set too small, but I can't find it. But maybe it is something else.