cancel
Showing results for 
Search instead for 
Did you mean: 

XIQ & Control: defining RADIUS supplicants on XIQ APs in a location manually or via priority

XIQ & Control: defining RADIUS supplicants on XIQ APs in a location manually or via priority

Volker_Kull
Contributor

Integration of XIQ APs into XMC control (NAC) for AAA needs to preconfigure possible RADIUS supplicants in control. This is the base to communicate from AP via RADIUS to control. Having hundreds of APs in a location (site) they all are possible Radius supplicants and have been a RADIUS client in XMC/Control. This is hard work, difficult to configure and blocks a lot of licenses. It brings unneeded amount of rows into devices list.

Why not enable an option to select manually or via priotity parameter the RADIUS feature on site/location APs? Adding a static lease for these supplicant APs to DHCP server will end up in a useful solution without importing all APs …

Comments and ideas welcome.

br

Volker

4 REPLIES 4

AlexN
Extreme Employee

Gents, 

final answer on this one: no, it’s not planned as XIQ and Control APIs allow you to automate it pretty easily. 

  1. dump all APs from XIQ
  2. add them into Control or remove APs that are no longer in XIQ
  3. Repeat on scheduled basis
Best regards/Un saludo
Alex

AlexN
Extreme Employee

May I propose one thing here ?

  1. mgmt subnet/vlan for APs (and switches) should be separate
  2. DHCP in mgmt VLAN should be configured for long enough lease times, so that no static assignments are needed 
  3. it’s simple to script discovery/addition of APs to Control Engines/groups 
Best regards/Un saludo
Alex

Volker_Kull
Contributor

Thomas,

that is a very good option or extension. It could work like the VIP in VRRP…

Additionally we would not need the static DHCP entry for the defined Radius supplicants (APs).

br

Volker

Thomas_Gfeller
New Contributor III

Hi Volker

If i am right, we used the RadSec Proxies as the Radius Client so we had not to add all APs into XMC/ Control. But these are still defined by XIQ in the background and are not determinable by the Admin i guess (it was so from 1year ago).

Nevertheless, i think it would be great if there is a way to simplify that by giving the administrator the choice of which AP should be the radius client….maybe it hasent to be a physical AP, it could be something like an virtual IP address which is in charge for sending the Radius Messages (i know that other vendors implemted it like that) so we havent to worry about which AP should be the Radius Clients...

Regards

Tom

GTM-P2G8KFN