Switches

This tab provides information about the switches assigned to an ExtremeControl Gateway engine or ExtremeControl Engine Group. To access this tab, select a gateway or engine group in the left-panel tree, then select the Switches tab in the right panel.

You can right-click on one or more switch for a menu of options.

If you are using the Policy tab, you can also right-click on one or more switch and select from the options in the Policy menu.

Use the table options and tools to filter, sort, and customize table settings. You can access the options by selecting the down arrow in the right corner of any column header.

Switches

Switch IP Address: The switch's IP address.

Switch Nickname: The nickname assigned to the switch when it is added to the ExtremeCloud IQ Site Engine database.

Switch Status: The current operational status of the switch, based on the ExtremeCloud IQ Site Engine device poll. If the device poll did not update the status of a switch, and a Verify RADIUS Configuration operation is performed on that switch, the switch status in the Switches tab can differ from the switch status in the Verify RADIUS Configuration window.

Switch System Name: The assigned name of the device as stored in the device's sysName MIB object.

Primary Gateway: The name and IP address of the switch's primary ExtremeControl Gateway. If load balancing has been configured for the engine group, the ExtremeCloud IQ Site Engine server determines the primary and secondary gateways at Enforce, and this field displays "Determined by Load Balancer."

Secondary Gateway: The name and IP address of the switch's secondary ExtremeControl Gateway. If load balancing has been configured for the engine group, the ExtremeCloud IQ Site Engine server determines the primary and secondary gateways at Enforce, and this field displays "Determined by Load Balancer."

Policy/VLAN: The RADIUS attributes included as part of the RADIUS response.

Policy Domain: The Policy Manager domain the switch is assigned to (if any). You can populate this field by right-clicking on a switch and selecting Policy > Verify Domain. This information does not automatically update if there are domain assignment changes. You need to re-select the menu option to update the domain information.

Auth Access Type

The type of authentication access allowed for this switch:

Any access — the switch can authenticate users originating from any access type.
Management access — the switch can only authenticate users that have requested management access via the console, Telnet, SSH, or HTTP, etc.
Network access — the switch can only authenticate users accessing the network via the following authentication types: MAC, PAP, CHAP, and 802.1X. If RADIUS accounting is enabled, then the switch also monitors Auto Tracking, CEP (Convergence End Point), and Switch Quarantine sessions.
Monitoring - RADIUS Accounting — the switch monitors Auto Tracking, CEP (Convergence End Point), and Switch Quarantine sessions. ExtremeControl learns about these session via RADIUS accounting. This allows ExtremeControl to be in a listen mode, and to display access control, location information, and identity information for end-systems without enabling authentication on the switch.
Manual RADIUS Configuration — RADIUS configuration was performed manually on the switch using Policy Manager or CLI.

Switch Type: Specifies the switch type: a switch that authenticates layer 2 traffic via RADIUS to an out-of-band ExtremeControl gateway, or a VPN concentrator being used in an ExtremeControl VPN deployment.

Switch Location: The physical location of the switch.

Switch Contact: The person responsible for the switch.

Switch Description: A description of the switch, which can include its manufacturer, model number, and firmware revision number.

Management RADIUS Servers: RADIUS servers used to authenticate requests for administrative access to the switch.

RADIUS Accounting: Displays whether RADIUS accounting is enabled or disabled on the switch. RADIUS accounting can be used to determine the connection state of the end-system sessions on the ExtremeControl engine, providing real-time connection status in ExtremeCloud IQ Site Engine. RADIUS accounting is also used to monitor switches for Auto Tracking, CEP (Convergence End Point), and Switch Quarantine authentication sessions, when used in conjunction with the Monitoring or Network Access switch authentication access types. For more information, see the Auth. Access Type section of the Add/Edit Switch Window Help topics.

IP Subnet for IP Resolution: Displays the IP subnet that the switch is using as an inclusive list for MAC to IP resolution. Specifying an IP subnet in a static IP network allows for a router to be used for IP resolution in cases where it would not be discovered via DHCP. IP Subnets also contain an IP range which can be used to filter out secondary IP addresses that are not valid for the network.

Policy Enforcement Points: If the switch is a VPN device (see Switch Type column), this column displays the Policy Enforcement Points that are being used to provide authorization for the connecting end-systems.

Add Switch: Opens the Add Switches to ExtremeControl Engine Group window where you can select switches to add to the engine or engine group.

Edit: Select a switch and select this button to open the Edit Switches in ExtremeControl Engine Group window where you can change the switch's primary and secondary ExtremeControl Gateway (Gateway), and also edit other switch attributes, if desired.

Delete: Select a switch and select this button to delete the switch from ExtremeCloud IQ Site Engine's device database. The switch's primary gateway enforces its own primary RADIUS server as both the primary and secondary RADIUS servers on the switch.

Related Information

For information on related help topics: