Extreme Networks

Anonymous · ‎02-26-2020

Hi,

To keep it as simple as I can…….

Have a scenario where the NAC Eth1 and EWC ESA1 both exist in the DMZ.

The solution requires a captive portal that I am intending on presenting via NAC with ‘Authorised Registration’ that uses proxy RADIUS to authenticate clients. The web redirect on the EWC will point to the NAC Eth1 DMZ address.

In the addition the proxy RADIUS server will be in the DMZ and require the NAC Eth1 source IP to be used to authenticate against it. Essentially adding the NAC Eth1 IP address as the client address in the proxy RADIUS server..

My question is: is that possible or will RADIUS proxy authentication requests come from NAC Eth0?

Many thanks in advance

Ryan_Yacobucci · ‎02-29-2020

Hello Martin,

I believe that you should be able to do this.

You cannot move management services off of eth0 but you can move AAA servers and end system services to eth1 to have captive portal and proxy radius both served from eth1.

You can only have AAA servers on 1 interface though so you can’t have NAC proxy RADIUS out both eth0 and eth1 at the same time.

Thanks

-Ryan

Anonymous · ‎02-26-2020

Hi Mig,

Thank you for getting back to me.

Think in that case I will spin up another NAC dedicated for the purpose.

Appreciate the clarification, least I know what I need to do.

Many thanks,

Martin

Miguel-Angel_RO · ‎02-26-2020

Martin,

When you edit your interface, you cannot bind the AAA server to eth1, the radius request will come from eth0.

Mig

Extreme Networks

RADIUS Proxy Via NAC Eth1

RADIUS Proxy Via NAC Eth1