This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Trying to setup IDM and failing

Trying to setup IDM and failing

Stephen_Stormon
Contributor

ā€Ž04-19-2018 07:56 PM

We have Extreme Management Console and ExtremeControl and we want to start off by just collecting information on what all is connected to the network, but not enforcing any policies at this point. The first step is to select the device, right-click on it, click Tasks -> Access Control -> Identity Management - Configuration, correct?

We then changed the target server IP address setting to the IP of the NAC server, changed the target server type to NAC, but then things fall apart at the username and PW. We tried using the root account that was created when NAC was installed, but that doesn't work. Looking on the switch, it shows:

Slot-2 Summit-CV-Desktops.9 # show xml-notification statistics
Target Name : nac-target_172.22.1.94
Server URL : https://172.22.1.94:8443/axis/services/event
Server Queue Size : 100
Enabled : yes
Connection Status : fail
Events Received : 3
Connection Failures : 2
Events Sent Success : 0
Events Sent Failed : 3
Events Dropped : 0

Going to that link brings up a login prompt, but the root account credentials on the NAC don't work to login. I'm guessing that is where the problem is, but I don't know at this point.

0 Kudos
13 REPLIES 13

Stephen_Stormon
Contributor

ā€Ž04-27-2018 04:03 PM

Yes, mine looks like your setup:

b4c22684604548bcb7f06037d63f3683_RackMultipart20180427-33004-2dvk9r-nac_inline.png


0 Kudos

TylerMarcotte
Extreme Employee
In response to Stephen_Stormon

ā€Ž04-27-2018 04:03 PM

Is the IP in your nac-target the NAC IP address or the XMC IP Address? If it's the NAC, try changing it to the XMC IP.
0 Kudos

TylerMarcotte
Extreme Employee

ā€Ž04-27-2018 03:58 PM

Ok, here's a screenshot of what it should look like on the CLI of the switch. The encrypted-auth is the encrypted password. If you already had most of it working with the script from XMC, you should just be able to change the VR on the first XML notification line.

6ee0957cef214181bd8b58bc330242ee_RackMultipart20180427-42807-11xd2ck-image_inline.png

0 Kudos

Stephen_Stormon
Contributor

ā€Ž04-27-2018 03:47 PM

I was following what the docs said and using the IP of the NAC server. Now after dismantling the configs on one switch, and trying the IP of the XMC server (it wasn't able to connect), I have tried going back to my original config and now that isn't connecting. Must be Friday.
0 Kudos

Stephen_Stormon
Contributor

ā€Ž04-27-2018 03:16 PM

Sadly, I'm still missing a piece of the puzzle. Figured out that the script that runs via XMC sets things up using VR-Mgmt, but we use VR-Default. Changed that setting and now the switches are connected to the server, but they aren't showing up in the "End Systems" section.
0 Kudos
GTM-P2G8KFN