This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extreme IQ with Azure (Entra) - without Control/NAC/IQ Site

Extreme IQ with Azure (Entra) - without Control/NAC/IQ Site

GrangeBM
New Contributor

‎12-08-2023 02:46 AM

Hi

We have Extreme IQ with onsite NPS as a radius. We also have Azure (Entra) in place.

Ideally I would like Extreme to auth directly with Azure (Entra) rather than via onsite NPS.

Must you have Extreme IQ Control / Site license in order to authenticate users directly with Azure (Entra) as Radius?

Do you know if part of the radius/direct authentication on Entra (when used with extreme) if this can check USER auth and also the DEVICE check. For example:

Joe Bloggs - matched in Azure (Entra) - correct group.
The device Joe is using - in a set group within Entra (Cloud Joined Device object, NOT hybrid AD Joined). 

Thanks  

Ben

NB: We did see below which looked promising but this may only be for Extreme IQ Site?

Release Notes: Control supports Entra for 802.1x
https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/extremecloud-iq-site-engine-xiq...

0 Kudos
1 REPLY 1

Bartek
New Contributor III

‎12-11-2023 02:21 AM

Hi,

ExtremeCloud IQ-Site Engine requires one XIQ-PIL license. Each NAC (Control) appliance requires one XIQ-PIL license. In addition you need to purchase XIQ-NAC license(s) for End Systems (each device authenticated using 802.1x or MAC).

About management there is an official guide from Extreme how to Integrate ExtremeCloud IQ APs with this solution (so Wireless management stays in the cloud) but perhaps switches connected to NAC should be managed in XIQ-Site Engine locally.

0 Kudos
GTM-P2G8KFN