This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Connected wireless clients are not shown in NAC's End-Systems

Connected wireless clients are not shown in NAC's End-Systems

Ilya_Semenov
Contributor

‎05-22-2018 05:09 PM

Hello, team,

I have Netsight (7.1.1.9), NAC (7.1.1.9) and V2110 (10.43) installation. Both NAC and V2110 were added to Netsight console using SNMP v3 and they are OK (green).

Now I try to configure wireless users authorization through the NAC.

The problem is wireless clients are not shown in NAC's End-Systems tab, but they are in Wireless tab. When they connect to SSID they get TO NAC's portal interface, then they pass authorization with they AD credentials and then NAC freezes with Endless registration. Experienced guys say: bring you clients to NAC's End-Systems tab first. How? They don't appear there.

What most likely could be the problem?

Many thanks in advance,
Ilya

0 Kudos
34 REPLIES 34

Ilya_Semenov
Contributor
In response to Ronald_Dvorak

‎05-24-2018 05:13 PM

Ron, I am not following you...

What additional step you are talking about?

University students and staff have to input their credentials manually on NAC portal by hands, SSO is not needed. They have to see portal interface and links on it.

Sense of your rule is not clear for me, I just make my first steps with NAC.

Thank you...
0 Kudos

Ronald_Dvorak
Honored Contributor
In response to Ronald_Dvorak

‎05-24-2018 05:13 PM

Nope no joke....

My question is whether this additional step is needed.
I also use NAC to authenticate my internal/staff clients but why via a portal if username/password authentication is build into the client = 802.1X PEAP via NAC/LDAP.

I'd unterstand if you'd like to authenticate older devices that sometimes don't support PEAP and then choose a portal or for guest portal access but not if the clients support PEAP and they are internal/staff = in the AD.

I.e. my rule....

390fbc1794b54bdea46eeae09c4c7aeb_RackMultipart20180525-113105-6ba191-NAC_rule_PEAP_inline.png


Only a user with 802.1X auth, in the AD group WLAN, in the MAC list Ron, on the SSID Secure Access is able to get this Policy/Role and is able to connect.

The use of 802.1X also makes sure that the connection AP<->Client is encrypted.

Could be that I don't unterstand the design requirement - that was the reason for my question.
0 Kudos

Ilya_Semenov
Contributor
In response to Ronald_Dvorak

‎05-24-2018 05:13 PM

Ron, are you kidding?

The main goal is to sell NAC.

Now the customer has a beautiful web page on Fortigate, where users input their AD credentials. It is impossible to create it on V2110. IMPOSSIBLE.
0 Kudos

Ostrovsky__Yury
Extreme Employee

‎05-23-2018 11:15 AM

The easiest way is to enable diagnostic. Go to web page of nac , port 8443. The creds please check via old java app. Then go to diagnostic, enable things related to radius. The output check at /var/log/radius/radius.log. I am sure the problem will be obvious from there.
0 Kudos

Ostrovsky__Yury
Extreme Employee
In response to Ostrovsky__Yury

‎05-23-2018 11:15 AM

You should be getting email by now. Let me know if not.
0 Kudos
GTM-P2G8KFN