Extreme Networks

Jan_Reister · ‎05-03-2023

We must provision a few hundred XIQ APs to use our Site Engine NAC and related RADIUS servers in the same way our wireless controllers do.

Extreme Control has the concept of "switch" IPs that are IP addresses configured as authorized to contact a RADIUS server. It only accepts individual IPs, no CIDR subnets.

In an XIQ deployment, each AP will have to contact the RADIUS servers. How do we configure the Extreme NAC so that it accepts connections from hundred, potentially thousand APs?

Zdeněk_Pala · ‎05-04-2023

There is a workflow that will synchronize XIQ APs from XIQ to XIQ-SE and add them to control. If the IP address of the AP changes then the workflow will update it.

check the GitHub = https://github.com/extremenetworks/ExtremeScripting/blob/master/XMC_XIQ-SE/oneview_workflows/README....

workflow is called "XIQ AP import".

If you add APs through SNMP there are some benefits (re-authentication method is automatically recognized).

Adding APs as Ping Only works also but the reauth method must be set manually... I prefer the workflow 🙂

Regards Zdeněk Pala

View solution in original post

Robert_Haynes · ‎05-04-2023

This is currently a design limit w.r.t. your needs. You would need to inventory these APs in XIQ-SE as Ping Only managed devices and then add them individually as Switches (authenticators) to Control... this of course is if each individual AP is its own RADIUS client.

Extreme Networks

provisioning XIQ APs as RADIUS clients in XIQ-SE

provisioning XIQ APs as RADIUS clients in XIQ-SE