In this post, I introduce that how to integrate Networks Access Controller (NAC) with ExtremeWireless Contoller (EWC) which includes
- Configure NAC gateway
- Config Authentication setting for integration
Configure NAC gateway
As you could see the following topology which we had shown in BYOD lab - 1, NAC is between EWC and Radius Server. From EWC view, NAC is the security gateway.
Configure NAC gateway
Open ExtremeManagment and Add access Control Engine, in this example, ip address is 192.168.10.3 and name is GTAC-NAC. Then, select the current profile which you created and save.
Add EWC into NAC, Select Switches tag and Add Switches as the following
- Set the primary Gateway parameter to the IP address of the NAC Gateway
- Set the Auth Access Type to Network Access to set the Radius configuration type directly to the set of selected device
- The Gateway radius attributes to send attribute selection will depend on the device type. Since the ExtremeWireless Controller supports both the Extreme Policy and RFC3580, we choose RFC 3580-VLAN ID & Extreme IdentFI Wireless.
- Enable Radius Accounting
Note, the Extreme IdentiFi Wireless attributes, will send the Policy/Role via the Filter-ID with the addition of the Login-LAT-Port. The Login-LAT-Port will notify the controller if the end-user is authenticated. Policies Roles such as Quarantine and Unregistered are considered non-authenticated roles.
By doing the similar way, NAC could add radius server as you could see the following picture.
At last, please do not forget to click "Enforce" button.
Config Authentication setting for integration
On the other side, you need to add NAC as the security gate way into wireless controller, as shown in the following picture.
No comments:
Post a Comment