Switches Tab
This tab provides information about the switches assigned to an Extreme Access Control Gateway engine or Access Control engine Group. To access this tab, select a gateway or engine group in the left-panel tree, then click the Switches tab in the right panel.
Right-click on one or more switches for a menu of options, including launching the Node Alias and Multi Auth FlexView and the RADIUS Client Information FlexView.
If you are using Policy Manager, right-click on one or more switches and select from the following Policy options:
- Port Configuration Wizard - Accesses the Policy Manager Port Configuration Wizard. Select from pre-configured defaults for MAC, 802.1X, or MAC + 802.1X authentication, or select the complete wizard, which leads you through all the steps required to configure a port or ports, including setting the port authentication configuration and default role. (If the devices are not in a domain or are in more than one domain, any role-specific configuration, such as setting the default role, is disabled.)
- Display Domains Associated with Switches - Retrieves the Policy Manager domains associated with the switches and displays them in the Policy Domain column in the tab.
- Set Domain - Lets you assign the switch to a Policy Manager domain.
- Verify Domain Policy Settings with Network - Verifies that the roles in the assigned Policy Manager domain have been enforced to the switch.
- Enforce Domain Policy Settings with Network - Enforces the roles in the assigned Policy Manager domain to the switch.
Use the table options and tools to find, filter, sort, print, and export information in a table and customize table settings. Access the Table Tools through a right-mouse click on a column heading or anywhere in the table body, or by clicking the Table Tools button in the upper left corner of the table (if you have the row count column displayed). For more information, see the Suite-Wide Tools Help topic on Table Tools.
- Filter
- Use the Filter field to filter for a specific switch or switches based on a numeric value or text.
- Switch Nickname
- The nickname assigned to the switch when it is added to the Extreme Management Center database.
- Switch Status
- The current operational status of the switch, based on the Management Center Console device poll. If the Console device poll did not update the status of a switch, and a Verify RADIUS Configuration operation is performed on that switch, the switch status in the Switches tab may differ from the switch status in the Verify RADIUS Configuration window.
- Primary Gateway
- The name and IP address of the switch's primary Access Control Gateway. If load balancing has been configured for the engine group, the Management Center server determines the primary and secondary gateways at Enforce, and this field displays "Determined by Load Balancer."
- Secondary Gateway
- The name and IP address of the switch's secondary Access Control Gateway. If load balancing is configured for the engine group, the Management Center server determines the primary and secondary gateways at Enforce, and this field displays "Determined by Load Balancer."
- Policy Domain
- The Policy Manager domain to which the switch is assigned (if any). Populate this field by right-clicking on a switch and selecting Policy > Display Domains Associated with Switches. This information does not automatically update if there are domain assignment changes. You need to re-select the menu option to update the domain information.
- Auth Access Type
- The type of authentication access allowed for this switch:
- Any access - the switch can authenticate users originating from any access type.
- Management access - the switch can only authenticate users that have requested management access via the console, Telnet, SSH, or HTTP, etc.
- Network access - the switch can only authenticate users that are accessing the network via the following authentication types: MAC, PAP, CHAP, and 802.1X. If RADIUS accounting is enabled, then the switch also monitors Auto Tracking, CEP (Convergence End Point), and Switch Quarantine sessions.
- Monitoring - RADIUS Accounting - the switch monitors Auto Tracking, CEP (Convergence End Point), and Switch Quarantine sessions. NAC Manager learns about these sessions via RADIUS accounting. This allows NAC Manager to be in a listen mode, and to display access control, location information, and identity information for end-systems without enabling authentication on the switch.
- Manual RADIUS Configuration - RADIUS configuration is performed manually on the switch using Policy Manager or CLI.
- Switch Type
- Specifies the switch type: a switch that authenticates layer 2 traffic via RADIUS to an out-of-band Access Control gateway, or a VPN concentrator being used in a NAC VPN deployment.
- Switch Description
- A description of the switch, which may include its manufacturer, model number, and firmware revision number.
- Management RADIUS Servers
- RADIUS servers used to authenticate requests for administrative access to the switch.
- RADIUS Accounting
- Displays whether RADIUS accounting is enabled or disabled on the switch. RADIUS accounting can be used to determine the connection state of the end-system sessions on the Access Control engine, providing real-time connection status in NAC Manager. For more information, see How to Enable RADIUS Accounting. RADIUS accounting is also used to monitor switches for Auto Tracking, CEP (Convergence End Point), and Switch Quarantine authentication sessions, when used in conjunction with the Monitoring or Network Access switch authentication access types. For more information, see the Auth. Access Type section of the Add/Edit Switch Window Help topics.
- IP Subnet for IP Resolution
- Displays the IP subnet that the switch is using as an inclusive list for MAC to IP resolution. IP subnets are configured in the Appliance Settings > IP Resolution tab. Specifying an IP subnet in a static IP network allows for a router to be used for IP resolution in cases where it is not discovered via DHCP. IP Subnets also contain an IP range Extreme Management Center uses to filter out secondary IP addresses not valid for the network. For more information on MAC to IP Resolution, see the NAC Deployment Guide.
- Policy Enforcement Points
- If the switch is a VPN device (see Switch Type column), this column displays the Policy Enforcement Points that are being used to provide authorization for the connecting end-systems.
- Add Switch
- Opens the Add Switches to NAC Appliance Group window, where you can select switches to add to the engine or engine group.
- Edit
- Select a switch and click this button to open the Edit Switches in NAC Appliance Group window, where you can change the switch's primary and secondary Access Control Gateway (Gateway), and also edit other switch attributes, if desired.
- Delete
- Select a switch and click this button to delete the switch from NAC Manager's device database. The switch's primary gateway enforces its own primary RADIUS server as both the primary and secondary RADIUS servers on the switch.
For information on related windows: