NetSight NAC JSS Integration

lionelgruenberg
New Contributor III

Has anyone been through the process of integrating a JSS with an Extreme Networks NetSight NAC appliance? Interested in learning from the experience of others. I'm looking to avoid the "Gotchas", learn more about BYOD device registration options, and gain additional insight into the Mac agent support.
Thanks!
-L

8 REPLIES

perrycj
Contributor III

I haven't used this specific product but I used something pretty close to it.

What we did was install SSH keys into a hidden admin account that was only made by Casper. So once the account was made, a hidden ~/.ssh folder was made, and inside that hidden folder were the SSH keys. The SSH keys were generated by the NAC appliance, and as long as the client had those keys, they were allowed on the network and everything worked fine.

Not sure if that helps you at all but that was my experience.

jchurch
Contributor II

And what about iOS devices?

pchang
New Contributor

@lionelgruenberg were you able to get the NetSight JSS integration to work? We are looking at implementing this and I am curious how well it works.

jchurch
Contributor II

We have the Extreme guys in all next week to get ours configured. I should have more info for you after we have it running for a week or so.

jandrewartha
New Contributor II

We were the first customers of the NetSight/Casper integration, so I should be able to answer any questions you have.

jchurch
Contributor II

The Extreme guys should show up in an hour or so. Any words of wisdom? Questions I should ask? Pitfalls I should look out for?

jandrewartha
New Contributor II

Oops, didn't have email notification on. Anyway, the biggest thing is your devices will only be in one end-system group in NetSight at a time, based on the casperPriority set in the NetSight group. So you'll need to plan your groups and rules accordingly. We try and use Casper groups (smart or static) as the source of truth, because if you manually move an end-system, NetSight won't override your change and move it again.

We tried the assessment portal, triggering on a last update time of greater than 2 weeks, but it's not great for iOS devices. If we want to have an iPad brought in, we just send out a profile that disables Safari, which is pretty effective.

The guest portal is pretty good. We're 1:1, not BYOD, so it's only used for actual guests, not staff/students registering their devices with their own username/password.

jchurch
Contributor II

Well, after several back-and-forths with the vendor and the engineers, and one remote session with the actual guy who wrote the Casper plugin, yesterday they applied an update to NetSight and the NAC appliance. It took all day to chomp down the Casper database, but now everything is working perfectly. We even took it one step further and have NetSight forwarding the Casper info along to our web filter, so users no longer have to authenticate to the filter.