Configuring the Public Area PWA Station

The public area PWA station provides visitors to your business site with open access to the internet, while at the same time isolating the station from any access to your internal network. In order to provide a default set of network resources to communicate over HTTP, policy must be set to only allow DHCP, ARP, DNS, and HTTP. You may want to set a rate limit that would guard against excessive streaming. You will also need to set up RADIUS for the public station account on the authentication server. This configuration will include the guest name, password, and a RADIUS Filter-ID for the public policy. We will not enable auto-tracking because PWA enhanced mode is not supported with auto-tracking. We will also not enable quarantine.

Perform the following tasks to configure the public station for PWA authentication:

  • Configure the policy appropriate to the public station.
  • Setup the RADIUS user account for the public station on the authentication server.
  • Enable PWA globally on the switch.
  • Configure the IP address for the public station.
  • Optionally set up a banner for the initial PWA screen.
  • Enable PWA enhancemode so that any URL input will cause the PWA sign in screen to appear.
  • Set PWA gueststatus to RADIUS authentication mode.
  • Set the PWA login guest name.
  • Set the PWA login password.
  • Enable PWA on the switch port where the public station is connected.

Once the policy and RADIUS account are configured, enter the following CLI input on the switch:

System(rw)->set pwa enable
System(rw)->set pwa ipaddress 10.10.10.101
System(rw)->set pwa banner \”Extreme Networks Public Internet Access Station\”
System(rw)->set pwa enhancemode enable
System(rw)->set pwa gueststatus authradius
System(rw)->set pwa guestname guest
System(rw)->set pwa guestpassword password
System(rw)->set pwa portcontrol enable ge.1.6

This completes the Authentication configuration example.