This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC (ExtremeControl) - Don't see End-Systems Connected on my ERS Switch

NAC (ExtremeControl) - Don't see End-Systems Connected on my ERS Switch

kevin_phi
New Contributor

‎02-23-2021 10:12 AM

Hello every one, 

I tried to setup Extreme Control on my XMC in order to see what’s connected on our network.

The NAC appliance has been added to my XMC.

My Switch (ERS4900 Series) has been added in “Switches” on Access Control Tab. 

There are two IP Phones connected on the port 1 and 2 but I don’t see these devices in  “end-systems” on Access Control.

Does someone know what I have to do exactly (procedure?), maybe I missed something in my configuration...

I only need to use Access Control in “listen” mode, no authentication or security… only be able to see what’s connnected on my network in a first time.

It would be helpful if someone already have experience(s) about this. 

0 Kudos
16 REPLIES 16

Miguel-Angel_RO
Valued Contributor II

‎02-23-2021 01:57 PM

Indeed, recheck now the NAC config.

Mig

0 Kudos

kevin_phi
New Contributor

‎02-23-2021 01:50 PM

Hi, 

Many thanks for your time. 

The host 192.168.201.211 is my NAC appliance and is reachable from my switch 192.168.204.62.

I think I will start from scratch, I did a lot of tests and it’s not very clean

0 Kudos

Miguel-Angel_RO
Valued Contributor II

‎02-23-2021 01:36 PM

Clean it a little bit:

no radius server host 192.168.201.211 used-by eapol acct-enable
no radius server host 192.168.201.211 used-by non-eapol acct-enable timeout 20

no radius dynamic-server client 192.168.204.62

Removing the specific entry on eapol and non-eapol will force it to use the global one

 

Can the switch ping the radius?

Mig

0 Kudos

kevin_phi
New Contributor

‎02-23-2021 01:10 PM

SW_DUDELANGE#show run module radius

******************************************************************************
        Command Execution Time: 2021-02-23 14:07:04 GMT+01:00    UTC time: 2021-02-23 13:07:04
******************************************************************************
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 4926GTS-PWR+
! Software version = v7.8.1.055
!
! Displaying only parameters different to default
!================================================
enable
configure terminal
!
! *** RADIUS ***
!
radius server host 192.168.201.211 acct-enable
radius server host 192.168.201.211 used-by eapol acct-enable
radius server host 192.168.201.211 used-by non-eapol acct-enable timeout 20
radius accounting interim-updates enable
!
! *** RADIUS Dynamic Server ***
!
radius dynamic-server replay-protection

radius dynamic-server client 192.168.201.211
radius dynamic-server client 192.168.201.211 port 3799
! radius dynamic-server client 192.168.201.211 secret ****************
! radius dynamic-server client 192.168.201.211 enable
radius dynamic-server client 192.168.201.211 process-change-of-auth-requests
radius dynamic-server client 192.168.201.211 process-disconnect-requests
radius dynamic-server client 192.168.201.211 process-reauthentication-requests

radius dynamic-server client 192.168.204.62
radius dynamic-server client 192.168.204.62 port 3799
! radius dynamic-server client 192.168.204.62 secret ****************

0 Kudos

Miguel-Angel_RO
Valued Contributor II

‎02-23-2021 01:03 PM

Please share the output of the following:

“show run module radius”

Mig

0 Kudos
GTM-P2G8KFN