XIQ-SE and NAC Upgrade


Upgrading ExtremeCloud IQ – Site Engine Engine Software
Upgrades to the ExtremeCloud IQ – Site Engine engine software are available on
the ExtremeCloud IQ – Site Engine web page.
Prior to performing an upgrade, you can create a snapshot of the engine that
you can revert to in the event an upgrade fails. Refer to the vSphere client
documentation for instructions on creating a snapshot.
1. On a system with an internet connection, go to the ExtremeCloud IQ – Site Engine
web page: http://extranet.extremenetworks.com/downloads/pages/NMS.aspx.
2. Enter your email address and password.
You will be on the ExtremeCloud IQ – Site Engine page.
3. Click on the Software tab and select a version of ExtremeCloud IQ – Site Engine.
4. Download the ExtremeCloud IQ – Site Engine virtual engine image from the
ExtremeCloud IQ – Site Engine Virtual Appliance (engine) section.
5. Use FTP, SCP, or a shared mount point, to copy the file to the ExtremeCloud IQ – Site
Engine virtual engine.
6. SSH to the engine.
7. Cd to the directory where you downloaded the upgrade file.
8. Change the permissions on the upgrade file by entering the following command:
chmod + x ./ExtremeCloudIQSiteEngine_<version>_64bit_
9. Run the install program by entering the following command:
The upgrade automatically begins.
The ExtremeCloud IQ – Site Engine Server are restarted automatically when the
upgrade is complete. Because your ExtremeCloud IQ – Site Engine engine
settings were migrated, you are not required to perform any configuration on
the engine following the upgrade.



After upgrade verify that NAC Joins the Active Directory Domain.

cd /var/log

cat tag.log | grep “Joined”

Enforce after upgrading.

Check date and time and if necessary reset with /usr/postinstall/dateconfig command.

Upgrading XIQ-SE took about ten minutes to complete and further five minutes before I could login again.

Upgrading NAC took approximately ten minutes but allow for thirty minutes.

Recommended to take a snapshot of your VMs before upgrading.  Also, backup the XIQ-SE database to be super safe.

Extreme Cloud IQ APs and XIQ-SE Control

Found a useful document which outlines the configuration steps needed to integrate Cloud based APs with external RADIUS server which uses Access-Control.


There is a workflow for Importing XIQ APs available on Extreme Networks github site which can be used to do a bulk import of cloud based APs. Import workflow called Process_New_XIQ_Devices-

The workflow needs updating with the API token for accessing your cloud IQ instance. This involves signing up on the developer website and creating an application profile with a client-ID, client secret and redirect URI (XIQ-SE URL). The client-ID can be used in Cloud IQ to create an API token. This information is required to update the script in the first task in the workflow.

The first task will authenticate using the token and login to Cloud IQ instance of your choosing and extract a list of devices.

Ensure the subsequent scripts recognize the AP model you are using and if necessary add another IF statement to the script that matches the AP model. Also, ensure there is an SNMP profile that allows access to the Cloud AP.

The final task will need updating with the Primary RADIUS Server IP address of the Access Control Engine.