Extreme Networks

Ilya_Semenov · ‎01-22-2018

Hello, everybody,

please, take a look at my configuration of a switch:

RADIUS-accounting servers are NAC servers. RADIUS accounting is set Enabled.

Should I explicitly set them in RADIUS servers? Tick the box and set both NAC servers as accounting servers? Or this is not necessary?

f042944781fe48188de450d7d9827fa8_RackMultipart20180122-32384-1j167xc-555_inline.jpg

I ask it because when I do "Verify RADIUS configuration" procedure I get the error below in spite of MAC authenticaton works

f042944781fe48188de450d7d9827fa8_RackMultipart20180122-33188-15m3u7-666_inline.jpg

Many thanks in advance,
Ilya

Ryan_Yacobucci · ‎01-22-2018

Hello,

It's necessary if NAC is controlling the RADIUS configurations on the switch and you want RADIUS accounting.

Configuration the "Switches" section does two things:

1. Updates the "clients.conf" file in the NAC to allow processing of RADIUS requests from the host and configures the RADIUS attributes to send scheme in NAC.

2. When "Enforce" and the device is supported NAC will write the appropriate RADIUS configurations to the switch. If RADIUS Accounting isn't configured and NAC can write RADIUS configurations it will overwrite any manual configurations that already exist.

Thanks
-Ryan

Ilya_Semenov · ‎01-22-2018

Thank for your reply, Ryan!

I've set explicitly both NAC servers as RADIUS accounting server. Enforced switches. Nothing changed. "Verify RADIUS configuration" still reports Failure as check result.

I'll what happens tomorrow when people come and login.

Thanks.

Extreme Networks

Should radius-accounting servers for a switch be explicitly set in NAC?

Should radius-accounting servers for a switch be explicitly set in NAC?