05-13-2020 07:50 AM
I’ve configured our VPN server (a Fortigate) to use ExtremeControl as a RADIUS server, which is working fine. But I was wondering how to view the sessions in XMC, since they don’t seem to show up in end-system events. Is it possible to view VPN connection history?
Bonus question: has anyone configured XMC to send back the Fortigate group VSAs?
05-15-2020 08:24 AM
The Fortigate is sending Calling-Station-Id, but it’s an IP address. From Wireshark:
AVP: t=Calling-Station-Id(31) l=15 val=49.196.21.105
I’m guessing end-systems is keyed off MAC addresses though, not IP addresses.
For the VSAs, they were already available, so I edited the Fortigate switch config in the engine group, and created a new RADIUS attribute configuration with these attributes:
Fortinet-Group-Name=%LOGIN_LAT_GROUP%
Acct-Interim-Interval=600
I also made a new policy mapping with the correct Login-LAT-Group and then a profile that used it to put into the rules.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD46414
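The attributes discussed in this thread, decoded in an added example (not code from any poster, Fortinet or Extreme). It parses only the attribute section of a RADIUS packet, not the 20-byte header, and reports whether Calling-Station-Id is absent, an IP address or a MAC address, plus the Fortinet-Group-Name VSA and Acct-Interim-Interval. The vendor ID 12356 and sub-attribute type 1 are taken from the public Fortinet RADIUS dictionary; sample values other than the IP address from the capture above are constructed.

```python
import ipaddress
import re
import struct

# Standard RADIUS attribute numbers; Fortinet values per the public Fortinet dictionary.
CALLING_STATION_ID, VENDOR_SPECIFIC, ACCT_INTERIM_INTERVAL = 31, 26, 85
FORTINET_VENDOR_ID, FORTINET_GROUP_NAME = 12356, 1
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([-:.]?[0-9A-Fa-f]{2}){5}")

def avp(attr_type, value):
    """Encode one attribute: type, length (header included), value."""
    return bytes([attr_type, len(value) + 2]) + value

def fortinet_vsa(vendor_type, value):
    """Encode a Fortinet sub-attribute inside Vendor-Specific (26)."""
    body = struct.pack("!IBB", FORTINET_VENDOR_ID, vendor_type, len(value) + 2) + value
    return avp(VENDOR_SPECIFIC, body)

def parse_avps(buf):
    """Walk the attribute section of a RADIUS packet, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError(f"malformed attribute at offset {i}")
        attrs.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return attrs

def classify_calling_station(value):
    """Return 'mac', 'ip' or 'other' for a Calling-Station-Id value."""
    text = value.decode("ascii", "replace")
    if MAC_RE.fullmatch(text):
        return "mac"
    try:
        ipaddress.ip_address(text)
        return "ip"
    except ValueError:
        return "other"

def summarize(buf):
    out = {"calling_station": "absent", "fortinet_group": None, "interim": None}
    for attr_type, value in parse_avps(buf):
        if attr_type == CALLING_STATION_ID:
            out["calling_station"] = classify_calling_station(value)
        elif attr_type == ACCT_INTERIM_INTERVAL and len(value) == 4:
            out["interim"] = struct.unpack("!I", value)[0]
        elif attr_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype, vlen) == (FORTINET_VENDOR_ID, FORTINET_GROUP_NAME, len(value) - 4):
                out["fortinet_group"] = value[6:].decode("utf-8", "replace")
    return out
```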
05-14-2020 04:17 PM
James,
You should be able to tweak your Fortigate a little bit to send the needed RADIUS attribute (Calling Station ID). Check this: https://kb.fortinet.com/kb/documentLink.do?externalID=FD39610
If you manage to send it, the records should appear in the end-systems tab.
Mig
05-13-2020 04:19 PM
Yep, there are entries in there as management logins. The information column has “This is an administrative request because Calling-Station-Id is not present” at the end. Which makes sense I guess.
05-13-2020 12:58 PM
Hi James,
Could you check > Alarm&Events > Events > Type: Access Control Engine?
Do you see the login events in that view?
-Ron