This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC Feature "RADIUS Clients to Monitor NAC"

NAC Feature "RADIUS Clients to Monitor NAC"

M_Nees
Contributor III

‎11-18-2016 08:29 AM

During playing around (for another huge installation) in my lab NAC, i stumble over the above feature!

RADIUS Clients to Monitor NAC ??

Are there any use cases or configuration examples? Current Online Help, NAC Manuals are not helpful.

What is the difference between using "RADIUS Clients to Monitor NAC" or to configure a out-of-band system (like nagios) in standard "switch section" as regular RADIUS client to test RADIUS requests?

replys are welcome.

6 REPLIES 6

Ryan_Yacobucci
Extreme Employee

‎11-19-2016 03:00 PM

Hello Matthias,

Please see the following help section description for the service:

Any authentication request coming from an IP address that matches the list of RADIUS monitor clients will be authenticated using the password you provided in the AAA mapping. In these cases, the username does not matter. The password configured will not be able to be used for authentication from any other part of the network. The Access Control engine responds back with a basic accept to any RADIUS monitor client’s RADIUS request.

Thanks
-Ryan
0 Kudos

Erik_Auerswald
Contributor II

‎11-18-2016 02:19 PM

Hello Matthias,

as I understand this feature, it can be used to monitor NAC using e.g. Nagios/Icinga (or Spectrum or ...) with a special account that is valid for monitoring only. This account does not allow network access. This is more secure than using a real user account for monitoring.

Erik
0 Kudos
GTM-P2G8KFN