cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

provisioning XIQ APs as RADIUS clients in XIQ-SE

provisioning XIQ APs as RADIUS clients in XIQ-SE

Jan_Reister
Contributor

We must provision a few hundred XIQ APs to use our Site Engine NAC and related RADIUS servers in the same way our wireless controllers do.

Extreme Control has the concept of "switch" IPs that are IP addresses configured as authorized to contact a RADIUS server. It only accepts individual IPs, no CIDR subnets.

In an XIQ deployment, each AP will have to contact the RADIUS servers. How do we configure the Extreme NAC so that it accepts connections from hundred, potentially thousand APs?

1 ACCEPTED SOLUTION

Zdeněk_Pala
Extreme Employee

There is a workflow that will synchronize XIQ APs from XIQ to XIQ-SE and add them to control. If the IP address of the AP changes then the workflow will update it.

check the GitHub = https://github.com/extremenetworks/ExtremeScripting/blob/master/XMC_XIQ-SE/oneview_workflows/README....

workflow is called "XIQ AP import".

If you add APs through SNMP there are some benefits (re-authentication method is automatically recognized).

Adding APs as Ping Only works also but the reauth method must be set manually... I prefer the workflow šŸ™‚

 

 

Regards Zdeněk Pala

View solution in original post

5 REPLIES 5

Jan_Reister
Contributor

Thank you @zdenek_pala @James_A , I will check it out.

Yes @Robert_Haynes it's a limit. I wonder how other XIQ users are managing their NAC, perhaps with a third party(other vendor solution?.

AFAIK customers are using long DHCP lease times for APs. In case of the AP is down for a longer time the IP still will be the same.

The workflow mentioned can be executed periodically (scheduled).

Regards Zdeněk Pala

Zdeněk_Pala
Extreme Employee

There is a workflow that will synchronize XIQ APs from XIQ to XIQ-SE and add them to control. If the IP address of the AP changes then the workflow will update it.

check the GitHub = https://github.com/extremenetworks/ExtremeScripting/blob/master/XMC_XIQ-SE/oneview_workflows/README....

workflow is called "XIQ AP import".

If you add APs through SNMP there are some benefits (re-authentication method is automatically recognized).

Adding APs as Ping Only works also but the reauth method must be set manually... I prefer the workflow šŸ™‚

 

 

Regards Zdeněk Pala

James_A
Valued Contributor

Once they're online, run the XIQ AP import workflow from the scripting site:

https://github.com/extremenetworks/ExtremeScripting/blob/master/XMC_XIQ-SE/oneview_workflows/README....

 

GTM-P2G8KFN