Integrating Fortinet / Meru WLC into Extreme Control w/ Captive Portal
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-18-2019 12:47 PM
I'm trying to get my Fortinet gear to talk to my Extreme Control NAC like my Extreme wireless does.
I have a 6+ year old article that references Enterasys NAC (Legacy NAC Manager looks very similar) and an old Meru branded WLC (Enterasys NAC with Meru Wireless Integration Guide). While these environments are similar to my setup (Extreme Control + Fortinet branded appliance), there seems to be some setting differences between the editions.
Also, since I've inherited this system, I was told by Extreme Engineers that my current Extreme system is using a COS_40 setup to send traffic to the NAC. Is that something I should be able to leverage on the Fortinet end?
This is all to get a BYOD SSID up and running at multiple sites. Obviously the Extreme wireless works very well, but integrating the remaining Fortinet is causing me some issues.
I have a 6+ year old article that references Enterasys NAC (Legacy NAC Manager looks very similar) and an old Meru branded WLC (Enterasys NAC with Meru Wireless Integration Guide). While these environments are similar to my setup (Extreme Control + Fortinet branded appliance), there seems to be some setting differences between the editions.
Also, since I've inherited this system, I was told by Extreme Engineers that my current Extreme system is using a COS_40 setup to send traffic to the NAC. Is that something I should be able to leverage on the Fortinet end?
This is all to get a BYOD SSID up and running at multiple sites. Obviously the Extreme wireless works very well, but integrating the remaining Fortinet is causing me some issues.
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-28-2020 09:35 AM
Hi,
Is any one have integration guide (Enterasys NAC with Meru Wireless Integration Guide)?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-02-2019 09:48 PM
Hi guayc,
To confirm that I understand, you have some switches and a Fortinet as a default gateway, and want to use Fortinet to redirect users (wired/wireless) to a Captive Portal hosted at Extreme Access Control?
You have couple of options for Captive Portal redirection, the most generic ones are Policy Based Routing and DNS Proxy. "COS_40" sounds like the first one, and that's how it works:
Kind regards,
Tomasz
To confirm that I understand, you have some switches and a Fortinet as a default gateway, and want to use Fortinet to redirect users (wired/wireless) to a Captive Portal hosted at Extreme Access Control?
You have couple of options for Captive Portal redirection, the most generic ones are Policy Based Routing and DNS Proxy. "COS_40" sounds like the first one, and that's how it works:
- Your new client device walks through MAC authentication on a switch (EAC as a RADIUS server), due to NAC profiling rules it gets Unregistered policy.
- That policy, applied on a switch (could be some script or RFC3580-induced VLAN with relevant ACL applied to it) results in having TCP port 80 traffic marked with DSCP.
- When that web traffic (some HTTP request) reaches the gateway, it has an ACL for PBR that results in using NAC as a next-hop for that TCP 80 traffic with DSCP marking.
- NAC gets the request and takes over the web communication with a client device.
Kind regards,
Tomasz
