This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

integrate wireless controller with NAC

integrate wireless controller with NAC

Darrin_Tingey
New Contributor II

‎09-07-2017 05:34 PM

We have a c35 controller and netsight I am just trying right now to make a simple connection to the nac through a vns wlan service. I have set up the radius under authentication for the NAC. IN NAC manager I am able to verify the NAC connection. I have set up the AAA I believe correctly. When I try to connect a client I get a message on client wrong user name and password but in the logs of the controller I see a message that there is no Radius server available for WLAN. There has to be something I am missing but I have no idea what. I can send you what ever screen shots you may need to help. Thanks for any help. This has been very frustrating process.
12 REPLIES 12

Darrin_Tingey
New Contributor II

‎09-12-2017 08:34 PM

thank you, I believe I have that set correctly. I get a message on device that username and password is incorrect but the log on the controller shows No radius server available for WLAN service.

I have the NAC as the radius server on the controller and assigned to the WLAN. I have checked the shared secret many times and they are the same. I am obviously missing something between the controller and the NAC

0 Kudos

Ryan_Yacobucci
Extreme Employee

‎09-12-2017 06:25 PM

Here is a link to the image as it's unreadable:
https://extremenetworks2com-my.sharepoint.com/personal/ryacobuc_extremenetworks_com/Documents/Shared...

Thanks
-Ryan

0 Kudos

Ryan_Yacobucci
Extreme Employee

‎09-12-2017 06:23 PM

Hello,

It is possible to have NAC authenticate a user based on it's existence in the local password repository

See the following screenshot:

9b73e1d3879e4a27a844bbe3b218810a_RackMultipart20170912-76622-9ilfji-Hub_inline.png



If this is posted and is too small to read I'll send it to a file share.

The top line would check any 802.1x request and if the username is "Username" it would attempt to authenticate it using the local password repository, so as long as the user exists there it would be successful.

The 2nd Line would send any username that has "Proxy"in the username to the Proxy RADIUS server 1.1.1.1.

The 3rd line would be used for all other authentications that did not pass the 1st and 2nd and attempt LDAP authentication.

You should be able to use the 1st line as an example of how to authenticate a user using the local password repository.

Thanks
-Ryan

"
0 Kudos

Darrin_Tingey
New Contributor II

‎09-12-2017 06:14 PM

Correct, I am wanting to authenticate to the local user name on the AAA settings directly on the NAC is that possible.
0 Kudos

Ryan_Yacobucci
Extreme Employee

‎09-09-2017 09:38 PM

Hello,

It sounds like you might be trying to set up an 802.1x WLAN service on the EWC? Is this correct?
If so, are you doing proxy RADIUS or LDAP authentication?

You said "username and password are correct" so I figured this isn't MAC authentication.

Thanks
-Ryan
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN