This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC - 802.1x End-Systems IP missing, forward AAA

NAC - 802.1x End-Systems IP missing, forward AAA

Go to solution
tfsnetman
Contributor

‎05-28-2021 12:58 AM

Hello,

 

We have two Cisco WLCs 5500 using our Extreme NACs as Radius Authentication and Accounting servers.

  • While Authentication works nicely, I am missing some IP addresses from End-Systems while others are there.
    • Any idea why?
  • We would also like to forward the username / identity to a FortiGate firewall.
    • How would I do that?

Thank you,

 

Klaus

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
StephanH
Valued Contributor III

‎05-31-2021 11:16 AM

Hello Klaus,

maybe the ExtremeConnect integration for FortiGate is what you need. Check the manual here:

 

https://documentation.extremenetworks.com/netsight/8.5/XMC_8.5_ExtremeConnect_User_Guide.pdf?_ga=2.2...

 

If you need other information in you Fortigate. Maybe the XMC NBI-API can help you.

Regards Stephan

View solution in original post

0 Kudos
11 REPLIES 11

Go to solution
tfsnetman
Contributor

‎06-02-2021 02:15 AM

Thank you Stephan,

Added the NACs as a secondary DHCP server on all WLC interfaces which increased the accuracy for MAC IP address resolution.

Since both the NACs and the DHCP server are in the same subnet I would have expected this to work based on DHCP multicast messages alone.

I was also able to use the FortiGate SSO module in the XMC Connect which is now forwarding Radius accounting information. The sender IP of the Radius data is the XMC and not the NAC.

All the best,

Klaus

0 Kudos

Go to solution
StephanH
Valued Contributor III

‎06-01-2021 06:31 AM

Hello Klaus,

because of the additional information you metioned, you know your helper setting is correct.

To see what's goung wrong with your ip resolution, follow that guide for debugging and check the output in the log file:

https://extremeportal.force.com/ExtrArticleDetail?an=000082183&q=mac%20to%20ip%20resolution%20failed

 

Regards Stephan
0 Kudos

Go to solution
tfsnetman
Contributor

‎06-01-2021 12:16 AM

Hi Stephan,

Adding the Extreme NACs as a secondary DHCP on the Cisco WLCs is providing additional information such as Device Type and hostname but doesn’t help with further IP addresses.

Thank you for pointing me to the manual. I will have my black belt / PhD in XMC, Control after applying that knowledge.

Cheers, Klaus

0 Kudos

Go to solution
StephanH
Valued Contributor III

‎05-31-2021 11:16 AM

Hello Klaus,

maybe the ExtremeConnect integration for FortiGate is what you need. Check the manual here:

 

https://documentation.extremenetworks.com/netsight/8.5/XMC_8.5_ExtremeConnect_User_Guide.pdf?_ga=2.2...

 

If you need other information in you Fortigate. Maybe the XMC NBI-API can help you.

Regards Stephan
0 Kudos
GTM-P2G8KFN