cancel
Showing results for 
Search instead for 
Did you mean: 

VPN users in XMC?

VPN users in XMC?

James_A
Valued Contributor

I’ve configured our VPN server (a Fortigate) to use ExtremeControl as a RADIUS server, which is working fine. But I was wondering how to view the sessions in XMC, since they don’t seem to show up in end-system events. Is it possible to view VPN connection history?

Bonus question: has anyone configured XMC to send back the Fortigate group VSAs?

8 REPLIES 8

Zdeněk_Pala
Extreme Employee

Hi Miguel-Angel

I have not tried it. In general, it all depends if the radius request is in the expected format or not with necessary arguments.

 

Regards Zdeněk Pala

Miguel-Angel_RO
Valued Contributor II

Hi Zdenek,

That’s good to know!

Do you know if this also the solution for a firewall acting as portal and forwarding the authentication request to the NAC? In this case we also get the radius request without MAC address.

Thanks

Mig

Zdeněk_Pala
Extreme Employee

add the VPN gateway to your ExtremeControl as VPN and not as L2 device.

dec0e79211224f4e8629308fa2b6932b_493d068f-b511-4d43-9e41-8df84d56e16c.png

The FortiGate works!
you will see the end-system in the table, the MAC will be fake (generated) but you will see IP address (accounting is needed), you will see status, username...

Regards Zdeněk Pala

Miguel-Angel_RO
Valued Contributor II

James,

You’re right, the key identifier for the NAC is a MAC.

However a VPN authentication request rely on L3 connectivity and will always use the IP for this attribute.

The Callind-Station-Id is a MAC+SSID when there is a dialog between a wireless controller and the NAC because in this case there is a L2 binding.

I’m afraid there will be no solution to make the session appear in the End-Systems 80cf2f1313bd48a487ee710f007c5210_1f60f.png

Mig

 

GTM-P2G8KFN