Configuring an External NAC Server for MBA and AAA Authentication

Deployment Strategy

The following deployment strategy uses an external NAC (Network Access Control) server to authenticate client sessions using MBA and AAA authentication methods. We will configure the “Use Default Auth” and the “Pass Through External RADIUS” Accept Policy actions upon successful user authentications.

For this strategy we are using the following:
  • One of the following ExtremeWireless™ access points:
    • AP3000/X
    • AP302W
    • AP305C/CX
    • AP305C-1
    • AP310i/e
    • AP310i/e-1
    • AP360i/e
    • AP4000
    • AP4000-1
    • AP410i/e
    • AP410i-1
    • AP410C
    • AP410C-1
    • AP460i/e
    • AP460C/S6C/S12C
    • AP5010
    • AP5050U/AP5050D
    • AP505i
    • AP510i/e
    • AP510i-1
    • AP560i/h
    • AP3917i/e/k
    • AP3916ic
    • AP3915i/e
    • AP3912i
    • AP3935i/e
    • AP3965i/e
  • An external NAC server running version 21.9.10 and an ExtremeCloud IQ - Site Engine server to manage and configure the NAC server.
Click to expand in new window
External NAC Server / ExtremeCloud IQ Controller Setup
9038115-00 Rev. AA