This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC&V2110: unable to change from Admin port to esa0 IP

NAC&V2110: unable to change from Admin port to esa0 IP

Ilya_Semenov
Contributor

‎04-26-2018 03:21 PM

Hello, team,

I try to follow this article:

https://extremeportal.force.com/ExtrArticleDetail?an=000090139

...and I can't do this:

  • EWC Connection: Change from Admin port IP (192.168.10.1) to esa0 IP

IP-address on esa0 was assigned, but I can't select it here - it's absent and only Admin IP is available. Why?

Many thanks in advance,

Ilya
 

0 Kudos
23 REPLIES 23

Ilya_Semenov
Contributor
In response to Ronald_Dvorak

‎04-26-2018 03:25 PM

I found it, thanks. Default protocol matters? PAP or...MS-CHAP?
0 Kudos

Ostrovsky__Yury
Extreme Employee
In response to Ronald_Dvorak

‎04-26-2018 03:25 PM

The shared secret is in Appliance setting, Credential. The default is ETS_TAG_SHARED_SECRET but you can change it. And yes, you have to add your NAC to wireless controller as Radius server, and enable mac-auth on wlan.
0 Kudos

Ilya_Semenov
Contributor
In response to Ronald_Dvorak

‎04-26-2018 03:25 PM

Hello, Yury,

Should NAC be the RADIUS server or who? If NAC, where can I set shared secret on NAC's side? I didn't find such place.

On NAC's side I have only this and AD authorization works fine through portal. Is it OK?

e029ac75bc3b4dfdababaf52c1b4c6a8_RackMultipart20180428-3023-1myak4b-AD_inline.jpg



e029ac75bc3b4dfdababaf52c1b4c6a8_RackMultipart20180428-40251-1r7r38n-MegaNAC_inline.jpg



Thank you very much!
0 Kudos

Ostrovsky__Yury
Extreme Employee
In response to Ronald_Dvorak

‎04-26-2018 03:25 PM

If you enable Captive Portal on NAC (and you did) that should be enough. Since you don’t see the clients in end-system table check two things : 1. Did you enable MAC-auth on WLAN ? If not please do it. 2. Check the Radius server shared secret is correct For redirect , yes it is global setting and will affect all Captive Portal VNS’s configured on controller. There are no side affects, only pop-up on client  Btw, your non-auth and auth does not matter, in your case NAC is the master abd controling what roles are assigned (via sending Filter-ID back to controler)
0 Kudos

Ilya_Semenov
Contributor
In response to Ronald_Dvorak

‎04-26-2018 03:25 PM

Hello, Yury,

thanks for your reply.

At this point I didn't configured any NAC profiles. Only at V2110 side (Authenticated/Non-Authenticated). Should I configure NAC profiles? My NAC version is 7.1.1.9.

If I switch to "Redirect detection messages to the Captive Portal", will it affect all SSIDs? Are there any side effects?

Are there any ways to troublehoot endless registration? Any logs? During this process there are no clients in Endpoints. But this for wired and with non-Summit switches.

Thank you very much, Yury!
0 Kudos
GTM-P2G8KFN