This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Connected wireless clients are not shown in NAC's End-Systems

Connected wireless clients are not shown in NAC's End-Systems

Ilya_Semenov
Contributor

ā€Ž05-22-2018 05:09 PM

Hello, team,

I have Netsight (7.1.1.9), NAC (7.1.1.9) and V2110 (10.43) installation. Both NAC and V2110 were added to Netsight console using SNMP v3 and they are OK (green).

Now I try to configure wireless users authorization through the NAC.

The problem is wireless clients are not shown in NAC's End-Systems tab, but they are in Wireless tab. When they connect to SSID they get TO NAC's portal interface, then they pass authorization with they AD credentials and then NAC freezes with Endless registration. Experienced guys say: bring you clients to NAC's End-Systems tab first. How? They don't appear there.

What most likely could be the problem?

Many thanks in advance,
Ilya

0 Kudos
33 REPLIES 33

Ostrovsky__Yury
Extreme Employee
In response to Ostrovsky__Yury

ā€Ž05-23-2018 11:15 AM

Yes , but looks like you have an old NMS where it was using ExtremeControl domain with PBR . For more then a year (I think starting from 8.0) we are using Role based redirection , therefore the policy domain is updated to that .

0 Kudos

Ilya_Semenov
Contributor
In response to Ostrovsky__Yury

ā€Ž05-23-2018 11:15 AM

Hello, Yury,

do you mean this policy? Should I apply it to controller in NAC's console?

b9ac1ffac0c64e2ba5862c7224e8d999_RackMultipart20180524-114578-1wtlkj9-dddddffffffff_inline.jpg



Thanks!

0 Kudos

Ostrovsky__Yury
Extreme Employee
In response to Ostrovsky__Yury

ā€Ž05-23-2018 11:15 AM

Instead of creating roles by yourself, you can use Policy domain ā€˜Extreme Controlā€™ , push it to controller, then you donā€™t need to strugle with roles. This domain will push all nessesary things you need for Nac integration. There is also XMC script available for integration with Nac - using combination of polocy domain push and script will make your life easier.
0 Kudos

Ostrovsky__Yury
Extreme Employee
In response to Ostrovsky__Yury

ā€Ž05-23-2018 11:15 AM

Ilia, you roles are way off! You have to have at least two roles on controller named : Unregistered , ā€œGuest Accessā€. Those are the default role names NAC will send back as non-auth and auth respectively. Unless you changed the policy mapping in Nac configuration, you have to have those roles.
0 Kudos

Keene__Scott
Extreme Employee
In response to Ostrovsky__Yury

ā€Ž05-23-2018 11:15 AM

Hello,

It may be easier if you contact the GTAC via phone to troubleshot this but NAC learns usernames from 802.1x or from a Captive Portal login (and in some cases via Kerberos). If the user in NAC has an Authentication Type of MAC Auth and the user did not login/register via NAC's Captive Portal yet, then there will be no username.

If the user "is" authentciaetd in NAC (RADIUS) and you see that user in the Report on the wireless controller, be sure the Unregistered Role is assigned All access to the network and to NAC is then dictated by the Role's polices and the Topology of the VNS etc.

Regards,

Scott Keene
NMS/NAC Support
0 Kudos
GTM-P2G8KFN