Configure a RADIUS Server Group

You must first create a wireless network SSID with Enterprise 802.1X (WPA/WPA2/WPA3) access security. This option requires users to authenticate themselves by entering a user name and password, which are checked against a RADIUS authentication server.

RADIUS servers offer two different types of services:

  • Authentication for user credentials (usually on port 1812)
  • Accounting (logging) (usually on port 1813)

Extreme Networks devices use the default wireless network (SSID) RADIUS server group, which can include up to four RADIUS servers, for RADIUS lookups, unless there is a device classification rule directing them to a different RADIUS server group. The servers in the group can be external RADIUS servers, Extreme Networks A3 RADIUS servers, Extreme Networks RADIUS servers, Extreme Networks proxy servers, or a combination of these four types.

Security for RADIUS servers uses simple passwords. Configure one password on the server, and the other on each of the clients.

This task is part of the network policy configuration workflow. Use this task to to configure a RADIUS server group for an SSID, as part of a network policy.

  1. Go to Configure > Network Policies.
  2. Select an existing policy, and then select Edit, or select Add.
  3. After you save the Policy Details, select NEXT or 2 Wireless.
  4. In the Authentication Settings section, toggle the Authentication with ExtremeCloud IQ Authentication Service setting OFF.

    The Authenticate via RADIUS Server section becomes available.

  5. Select an existing RADIUS sever group from the Select menu, or select Add.
  6. Type a RADIUS Server Group Name.
  7. Optional: Type a RADIUS Server Group Description.

    Although optional, entering a description is helpful for troubleshooting and for identifying the RADIUS server group.

  8. Configure the RADIUS server settings for IQ Engine devices.

    See Configure RADIUS Server Settings.

  9. Depending on the type of server that you want to add, select one of the following tabs:
    Tab Configuration task
    EXTERNAL RADIUS SERVER Configure an External RADIUS Server
    EXTREME NETWORKS A3 Configure an Extreme Networks A3 Server
    EXTREME NETWORKS RADIUS SERVER Configure an Extreme Networks RADIUS Server
    EXTREME NETWORKS RADIUS PROXY Configure an Extreme Networks RADIUS Proxy

    Select up to four existing servers to add to your wireless network (SSID) RADIUS server group.

  10. Select SAVE RADIUS.
    Note

    Note

    In addition to those set by you, or by default, Extreme Networks APs report updated DHCP-snooped IP addresses of associated clients to the RADIUS server asynchronously, or as soon as the information is available.
9038986-00 Rev AA