Onboard Devices

I want to continue with my 30-day trial of ExtremeCloud IQ: If you do not have an entitlement key for ExtremeCloud IQ but want to try it out, you can choose this option to begin or continue a 30-day ExtremeCloud IQ trial.

I have an ExtremeCloud IQ entitlement key: Select this option if you have received your ExtremeCloud IQ key and want to begin using it.

Start with ExtremeCloud IQ Connect: Select this option to begin using ExtremeCloud IQ Connect, which provides you with sufficient tools to configure and manage Extreme Networks devices in common network environments.

Step 1: Configure Location

You will see a map of your current global location. As you add sites, this view changes indicating each site. Your company may have several sites throughout the world or have a single site.

After you identify the locations, enter the following information, and then select Next or Finish:

• The number of buildings at each site plus a description including, name, contact information, and other data
• The number of floors in each building plus a floor plan used to indicate device placement

Step 2: Onboard Devices

ExtremeCloud IQ guides you through the onboarding process using the steps below:

Add Real Devices

Onboard each device by entering the serial number found on the back of the device.

1. If possible, avoid using spreadsheet applications such as Excel to create or modify a .csv file. Excel and other spreadsheet applications format serial numbers incorrectly when they contain a leading zero. Instead, use a text editor that does not format the contents.

Enter the 14-digit serial number for the device, such as in the following example:

You can enter multiple, comma-separated serial numbers, such as in the following example:

Alternatively, you can import a .csv file containing the device serial numbers, each on a separate line, such as in the following example:

If you do not want to add a real device, select SkipWhen done, select Next.

Add Simulated Devices

Select a device model from the drop-down list and enter the number of devices you want to add. Select to select additional models and repeat this step, and then select Next.

Configure Simulated XR600P Routers as VPN Gateways

You can add simulated XR600P routers and configure them as VPN gateways. Select XR600P from the Device Model drop-down list, and select either of the VPN gateway options from the Device Function drop-down list.

Step 3: Configure Topology

Assign each onboarded device to your organization sites. You see . Select a building from the list of organization locations, buildings, and floors in the left navigation area to display the associated floor maps.

The right navigation area also contains a list of unassigned devices. From this list, select a device and drag it to a location on the floor.

Repeat this process for all unassigned devices for your sites, buildings, and floors.

Step 4: Configure Network Policy

Select an Existing Network Policy

Select an existing network policy from the Use an existing network policy drop-down list.

Select Next.If you do not want to select an existing network policy, select Skip.

Create a New Network Policy

Select Create a new network policy, and then enter the following information:

Policy Name: Enter the name of the network policy you want to create.

SSID Types: Select the type of SSID you want to create and complete the required settings. Internal SSIDs are for network users within your organization. Guest SSIDs are more network restricted for visitors and contractors.

When you finish configuring the network policy and SSID settings, select Next. If you do not want to create a new network policy, select Skip.

Configure Internal SSID

Create internal SSIDs for users within your organization who require proper access, security, and bandwidth to complete their tasks. Select either PPSK, PSK, 802.1X, or open as an authentication option (open authentication is not recommended).

If you do not want to create an internal SSID, select Skip.

Configure Guest SSID

Create guest SSIDs for visitors, contractors, and other network users outside your organization. Because guests generally only need base network services, such as DNS and DHCP, and the Internet, configure these SSIDs with appropriate network restrictions.

There are two types of guest SSID: open and secured. Open SSIDs require no authentication but can use captive web portals to force users to accept network use terms before permitting access. Secure SSIDs require authentication and, in most cases, strong encryption for data privacy.

If you do not want to create a guest SSID, select Skip.

Configure Client Security Enforcement

Configure PPSK Secure Network Authentication

Select Create credentials (PPSK) for users to log in to your network.

Select an existing PPSK user service from the drop-down list.

In the What would you like the prefix to be? text box, enter an alphanumeric prefix for the PPSK credentials.

In the How many guests do you want to add? text box, enter the required number of PPSK credentials, up to 1,000.

Select Next.

More About PPSK Network Authentication

A private PSK (PPSK) is a unique preshared key assigned to a single client (user device) rather than all clients. With this approach, you can assign unique PPSKs and user profiles to different clients on the same SSID. If a client is no longer permitted to use the WLAN or if a wireless client preshared key becomes lost, stolen, or compromised, you can revoke just that user preshared key without having to generate new PPSKs for all other clients.

Configure PSK Secure Network Authentication

Select Create a global password (PSK) credentials for users to log into the network.

Enter a PSK password containing up to 62 characters, without spaces.

Select Next.

More About PSK Network Authentication

PSK network authentication is a moderately secure authentication option. It is easy to deploy, as every client receives the same password. PSK is adequate until an unauthorized client obtains the password; when this happens, a new PSK password must be created and distributed to all the authorized users before they can access the network.

Configure 802.1X Secure Network Authentication

Select Users to enter their credentials to log into the network.

ExtremeCloud IQ generates a RADIUS server Name. You can use this name or change it, as required.

Enter the RADIUS server IP address.

Enter the RADIUS server Shared secret.

Select Next.

More About 802.1X Network Authentication

Select this option to use 802.1X as the authentication method for wireless networks in business environments. See External RADIUS Server Settings to view, add, select, modify, and delete RADIUS server objects.

Configure Unsecured (Open) Network Authentication

Select Unsecured (Open) NetworkUsers can access the network without logging in.

ExtremeCloud IQ makes this the default security.

Select Next.

More About Unsecured (Open) Network Authentication

This option provides neither authentication nor encryption for traffic in the SSID.

Configure Unsecured (Open) Network Authentication with a Captive Web Portal

SSID Name: ExtremeCloud IQ populates this field based on your previous choices, but you can change the name here.

Select Guest accepts the use policy before accessing the network.

To create a customized web portal, select Customize Captive Web Portal. The Customize Captive Web Portal panel on the right side of the Configure Guest SSID page. Perform the following steps to customize your captive web portal, for example, by adding a logo or changing the colors.

If you do not want to customize your captive web portal, select Skip.

Name the Captive Web Portal

In the Customize Captive Web Portal panel, either accept the assigned captive web portal name or change it as needed.

Complete the remaining sections.

When done, select Next

Change the Use Policy Acceptance Page (UAP)

Perform the following steps to change the ExtremeCloud IQ policy acceptance page (also known as the EULA page).

1. Select Use Policy Acceptance.
2. Edit the colors, logo, language, and use policy acceptance text.

3. Select Preview to verify your changes.

4. Select Back to Customize to return to the Customize Captive Web Portal panel.

5. Complete the remaining sections.

When you are all done, continue with "Onboard and Manage Devices".

Change the Success Page

Complete the following steps to change the success page.

In the Customize Captive Web Portal panel, select Success Page.

1. Edit the success page text colors, logo, language, and welcome message.
2. Select Preview and verify your success page.
3. Select Back to Customize to return to the Customize Captive Web Portal panel.

Add a New Logo

You can use the Extreme default logo, or add your logo files. The default file name is company_logo.png, and its dimensions are 235 x 69 pixels at 300 PPI. If you replace this image with a different image, make sure it has the same or nearly the same dimensions to avoid distortion. The logo files must be .png, jpg, .bmp, or .gif format. No matter how wide or tall the added logo image file, the logo is displayed inside a 228 x 87-pixel space.

1. In Customize Captive Web Portal, select Logo / Add a new file.
2. In the Image Management panel, select Upload an Image. Select and upload a new logo file, displayed under Available Images.
3. Select Save.
4. In Customize Captive Web Portal, select the required logo from the Logo drop-down list.
5. Select Save.
6. In the Configure Guest Access SSID dialog, complete any other required changes, and then select Save.
7. Select Next.
8. When finished, select Next.

Onboarding Review Summary

This page displays a summary of your current ExtremeCloud IQ network configuration choices.

When you complete the initial onboarding process, ExtremeCloud IQ displays a summary of your configuration in three sections: Devices, Location, and Network.

Verify that the information is correct.

If the displayed information is correct, select Finish.