cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

NAC portal for wifi-users: UserNames are not displayed in XMC>>Wirelles>>Clients

NAC portal for wifi-users: UserNames are not displayed in XMC>>Wirelles>>Clients

Ilya_Semenov
Contributor
Hello, team,

I've partially configured V2110&NAC integration. There is a webportal on NAC, where wireless users login using their AD credentials.

The main goal of this configuration was to get an ability to see AD usernames in XMC >> Wireless >> Clients.

But now I see just IPs, MACs, Device Types and nothing more for authorized clients. How can I fix it?

Also, I've experienced the following issues during authorization process:

1) When I use iPhone to connect to SSID, it gets me to the NAC's webportal, but it is displayed just about 10 seconds. If I input credentials in this time, everything is ok I get registration, if I input it more than 10 sec, iphone brings me back to SSIDs list. WTF? With Nokia Lumia 950 it works perfectly well without time limits.
2) When I use Windows 10 laptop I get "Endless registration" on NAC webportal in browser, but in spite of this, I get access to network also.

What should I do to fix it?

1) I need to have enough time to input credentials on Apples
2) I want to avoid "Endless registration" message on laptops.

Please, help!

Many thanks in advance,
Ilya

There are some logs&pics below:

1d428f72b15e4a76828f5edcb7931217_RackMultipart20180711-10720-1b1jrbt-Capture2_inline.png



It's for Endless registration from laptop:

7 REPLIES 7

Zdeněk_Pala
Extreme Employee
Hi

another reason for the described behavior can be short DHCP lease time or the user roams from one AP to another. Is the client stable on the wireless AP or it does roam and roam and roam?

Regards Zdeněk Pala

Clients are stable, Zdenek. Thanks.

Ryan_Yacobucci
Extreme Employee
Hello,

1. If you changed the WLAN service mode to be 802.1x you will be able to see the username in the XMC Wireless --> Clients section.

This will cause a fundamental change in authentication requiring the end systems to complete 802.1x authentication. This is likely not a configuration change you want to make as you have a captive portal configuration.

You can configured 802.1x and captive portal at the same time, but this causes the client to have to login twice in order to get on the network, which is redundant.

2 --> waiting for results

3 --> waiting for results

4. Enable debug for:
Captive Portal - Display
Captive Portal - Registration and Remediation

Authentication Request Processing - NAC

Once you enable the debug delete the client and attempt to register.

Once you have completed the test disable the diagnostics and send in the /var/log/tag.log and export the end system events.

I would suggest a GTAC case for this šŸ™‚

Thanks
-Ryan

Hello, Ryan,

a Kind Man has consulted me today - it's seems that there was kind of misunderstanding.

Usernames have appeared in NAC>End-Systems, but have not appeared in Wireless>Clients - and it is expected behavior. That is sad.

So, the only thing remains to correct is the Endless registration on Windows 10 laptops. Tomorrow I'll check this issue with different Windows versions.

Thanks for your help!

GTM-P2G8KFN