NAI Routing and Dynamic Discovery

NAI (Network Access Identifier) routing allows for routing authentication requests to authentication servers based on the domain of the authenticated user. NAI Routing associates defined RADIUS servers with realms that match the user's domain name. You have the option to configure the RADIUS servers within the realm definition or you can configure the server to be discovered dynamically (RFC 7585). This is supported only for RADSEC enabled servers.

When NAI Routing is enabled, the RADIUS Accounting Server Mode setting on the AAA Policy is not displayed. ExtremeCloud IQ Controller selects the first functioning accounting server that is defined in the realm, similar to a Failover mode process. If the Peer Discovery setting is selected for RADIUS Accounting, then ExtremeCloud IQ Controller uses the discovered server for both authentication and accounting.

WBA OpenRoaming uses NAI Routing in the AAA policy that is automatically created with the OpenRoaming profile. You can also manually configure a AAA policy to support multiple realms on one AP radio.

Note

Note

Existing AAA policies cannot be modified to enable NAI Routing. You must create a new AAA policy.