cancel
Showing results for 
Search instead for 
Did you mean: 

Extreme Control as External RADIUS in Cloud IQ

Extreme Control as External RADIUS in Cloud IQ

RobertD1
Contributor II
Hello,

I understand that it is possible to create a network policy in Cloud IQ for Wireless which can use External RADIUS server for authentication (Extreme A3, NPS, Extreme Control). Do the APs (AP3705C) which are onboarded in the cloud also need to be added under Access-Control>Switches? If so what RADIUS Attributes should they use?

Thanks,
Rob
10 REPLIES 10

AdminS
New Contributor
I have got this to work! After solving the first problem with the developer profile (redirect URI was missing) then the first task passed and data was collected. I then realized the subsequent tasks also had scripts which when reviewed revealed what I needed to do in addition. I had to create a profile for the new device to use (or alter the script) and I added another IF statement for the model of AP I was using (AP305C) and in the last script alter the primary RADIUS server IP. That's it! I've learnt a lot from this and will be very useful for bulk importing and integrating XIQ WAPs with XIQ-SE with Extreme Control.

AdminS
New Contributor
I made a little progress and can get an authorized response from the API with a list of devices but the WF does not add them to XIQ/Access-Control. Getting closer.

AdminS
New Contributor
Hi Ryan,

I've used the document to get an AP305C to work with XIQ-SE and Extreme Control. I'm struggling to get the workflow mentioned in the document to work though. Some kind of client authorization issue. I've updated the script as instructed and even tried with root but same issue. I just opened a case to try to get help on it (hoping Gitbhub workflows are supported of course).

AdminS
New Contributor

Hello Robert,

That is a great document that was developed by our TME team. I use it myself all the time. 

To answer your questions for future use: 

The AP's needed to be added into the Control --> Switches tab. 

Extreme Control/A3 both can have local users or integration with AD. 

Thanks
-Ryan



c34b3bc41b8040d7a848ffe2ab4fa3af.png
Adding APs into the Control switches tab will add them to a clients.conf file that will make them authorized for RADIUS communication. Without them in the clients.conf file NAC will not respond to RADIUS requests from their IP address. 

We use filter-ID for role assignment with XIQ. 

GTM-P2G8KFN