
NAC - 802.1x End-Systems IP missing, forward AAA

tfsnetman
Contributor

Hello,

 

We have two Cisco WLCs 5500 using our Extreme NACs as Radius Authentication and Accounting servers.

  • While Authentication works nicely, I am missing some IP addresses from End-Systems while others are there.
    • Any idea why?
  • We would also like to forward the username / identity to a FortiGate firewall.
    • How would I do that?

Thank you,

 

Klaus

1 ACCEPTED SOLUTION

StephanH
Valued Contributor III

Hello Klaus,

maybe the ExtremeConnect integration for FortiGate is what you need. Check the manual here:

 

https://documentation.extremenetworks.com/netsight/8.5/XMC_8.5_ExtremeConnect_User_Guide.pdf?_ga=2.2...

 

If you need other information in your FortiGate, maybe the XMC NBI-API can help you.

Regards Stephan

11 REPLIES

Stefan_K_
Valued Contributor

This is one of several possibilities. Other options are for example:

  • radius accounting (as tfsnetman stated)
  • nodealias (not possible here)

I had the problem once that NAC couldn’t display end-system IP-addresses. DHCP was configured correctly and Radius accounting was also enabled. Maybe tfsnetman has the same problem. Only solution was nodealias.

StephanH
Valued Contributor III

Hello,

Typically the NAC gets the MAC-to-IP mapping information by reading DHCP requests and responses.
For this purpose, NAC is registered as a DHCP server on the routers that forward DHCP requests (=DHCP relays).
This does not work with static IP addresses on the end devices.

So my question: Is the difference between the devices for which the IP addresses are displayed and the devices for which they are not displayed that one uses DHCP and the other does not?

Regards Stephan
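
The DHCP-based learning described in the reply above, as an added Python sketch (not Extreme's code and not part of the original posts): a listener that receives relayed DHCP traffic can only fill in an IP for a MAC once it sees a DHCPACK, so a statically addressed end-system stays blank. All function names are hypothetical and the packets are constructed sample data.

```python
import socket
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie (RFC 2131)
DHCPREQUEST, DHCPACK = 3, 5       # values of option 53 (message type)

def build_dhcp(op, msg_type, mac, yiaddr="0.0.0.0"):
    """Build a minimal BOOTP/DHCP payload; constructed sample input only."""
    zero = socket.inet_aton("0.0.0.0")
    chaddr = bytes.fromhex(mac.replace(":", ""))
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                      zero, socket.inet_aton(yiaddr), zero, zero, chaddr, b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

def parse_options(data):
    """Walk the TLV option list, stopping at End (255) or truncation."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            break
        length = data[i + 1]
        opts[data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def learn_binding(payload):
    """Return (mac, ip) for a DHCPACK that hands out a lease, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    if payload[0] != 2 or payload[1] != 1 or payload[2] != 6:  # BOOTREPLY, Ethernet
        return None
    if parse_options(payload[240:]).get(53) != bytes([DHCPACK]):
        return None
    ip = socket.inet_ntoa(payload[16:20])      # yiaddr field
    return None if ip == "0.0.0.0" else (payload[28:34].hex(":"), ip)

def end_system_ips(authenticated_macs, dhcp_payloads):
    """Map each 802.1X-authenticated MAC to its learned IP (None if never seen)."""
    table = dict(filter(None, map(learn_binding, dhcp_payloads)))
    return {mac: table.get(mac) for mac in authenticated_macs}

# Constructed traffic: one client completes DHCP, the other has a static IP.
SEEN = [build_dhcp(1, DHCPREQUEST, "00:11:22:33:44:55"),
        build_dhcp(2, DHCPACK, "00:11:22:33:44:55", "192.0.2.10")]
RESULT = end_system_ips(["00:11:22:33:44:55", "66:77:88:99:aa:bb"], SEEN)
```
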