About this task
Use this task to integrate ExtremeCloud IQ Wireless with Universal ZTNA.
Procedure
-
From the ExtremeCloud IQ portal main navigation, select .
-
Select your SSID and select the
edit (pencil) icon.
-
Under SSID Usage,
ensure the SSID
Authentication and Enterprise tabs
are selected.
-
Under Authentication
Settings, create an external RADIUS Server Group with your
Radsec proxy IP address by selecting
under Authenticate via RADIUS Server. This is the same IP address
used for the Radsec proxy deployment in Deploy RadSec Proxies.
-
In the Configure
RADIUS Servers window, configure the server details and select
Save.
-
Identify the required filter-ID
value needed.
You will use this
filter-ID in the assignment rule for the name of the Universal ZTNA policy in
the next step. You can find the filter-ID in the User Profile
Assignment Rule section of the SSID configuration under the
Value column heading.
-
Create Universal ZTNA policies
using the ExtremeCloud IQ
filter-IDs as the policy name.
The policy name is used in the RADIUS response for user authentication:
as follows:
- Select
- Set the name of the
policy to the filter-ID from the assignment rule and add access groups
and conditions. The network section is ignored for ExtremeCloud IQ
policies; only the name, access groups (user groups or device groups),
and conditions are used. If this policy is being used with another
operating system,complete the network sections.
- Optional:
You can force a reauthorization
in ExtremeCloud IQ wireless by
doing the following:
-
From the ExtremeCloud IQ main navigation, select .
-
Select the floor map
where the client access point is located.
-
Select the access point
and select Disconnect next to your client's station address.
