Extreme Networks

James_A · ‎05-13-2020

I’ve configured our VPN server (a Fortigate) to use ExtremeControl as a RADIUS server, which is working fine. But I was wondering how to view the sessions in XMC, since they don’t seem to show up in end-system events. Is it possible to view VPN connection history?

Bonus question: has anyone configured XMC to send back the Fortigate group VSAs?

Zdeněk_Pala · ‎05-18-2020

Hi Miguel-Angel

I have not tried it. In general, it all depends if the radius request is in the expected format or not with necessary arguments.

Regards Zdeněk Pala

Miguel-Angel_RO · ‎05-18-2020

Hi Zdenek,

That’s good to know!

Do you know if this also the solution for a firewall acting as portal and forwarding the authentication request to the NAC? In this case we also get the radius request without MAC address.

Thanks

Mig

Zdeněk_Pala · ‎05-18-2020

add the VPN gateway to your ExtremeControl as VPN and not as L2 device.

dec0e79211224f4e8629308fa2b6932b_493d068f-b511-4d43-9e41-8df84d56e16c.png

The FortiGate works!
you will see the end-system in the table, the MAC will be fake (generated) but you will see IP address (accounting is needed), you will see status, username...

Regards Zdeněk Pala

Miguel-Angel_RO · ‎05-18-2020

James,

You’re right, the key identifier for the NAC is a MAC.

However a VPN authentication request rely on L3 connectivity and will always use the IP for this attribute.

The Callind-Station-Id is a MAC+SSID when there is a dialog between a wireless controller and the NAC because in this case there is a L2 binding.

I’m afraid there will be no solution to make the session appear in the End-Systems

Mig

Extreme Networks

VPN users in XMC?

VPN users in XMC?