User-Authentication Configurations

A Universal Port user-authenticate configuration requires specific components:

  • An Extreme Networks switch, which might need to include PoE support.

  • RADIUS server for user authentication and VSA transmission.

  • Supplicants that support the authentication method you select. LLDP support is recommended, but is optional when MAC address authentication is used.

Note

Note

To support supplicant configuration, you might consider adding a DHCP server to your network. For VoIP applications, you can use a TFTP server and a call server to provide for additional supplicant configuration.

Use the following procedure to configure Universal Port for user login:

  1. Configure the RADIUS server as described in Security. The configuration should include the following:
    • User ID and password for RADIUS clients.
    • Extreme Networks custom VSAs.
    • Addition of the edge switch as a RADIUS client.
  2. Create a user-authenticate profile as described in Creating and Configuring New Profiles.
  3. Create a user-unauthenticate profile as described in Creating and Configuring New Profiles.
  4. Assign the user-authenticate profile to the edge ports as described in Configuring a User Login or Logout Event Trigger.
  5. Assign the user-unauthenticate profile to the edge ports as described in Configuring a User Login or Logout Event Trigger.
  6. Configure network login on the edge switch as described in Network Login.
  7. Configure the edge switch as a RADIUS client as described in Security.
  8. Verify that correct profiles are assigned to correct ports by entering the following command:

    show upm event event-type

  9. Enable LLDP message advertisements on the ports that are configured for device-detect profiles as described in LLDP Overview.
  10. Test profile operation as described in Verifying a Universal Port Profile.
9039053-00 Rev AA