About this task
To integrate ExtremeCloud IQ Wireless with Universal ZTNA, do the following:
Procedure
-
From the ExtremeCloud IQ portal main navigation, select .
-
Select your SSID and select the
edit (pencil) icon.
-
Under SSID Usage,
ensure the SSID
Authentication and Enterprise tabs
are selected.
-
Under Authentication
Settings, create an external RADIUS Server Group with your
Radsec proxy IP address by selecting
under Authenticate via RADIUS Server. This is the same IP address
used for the Radsec proxy deployment in Deploy RadSec Proxies.
-
In the Configure RADIUS
Servers window, configure the server details and select Save.
-
Identify the required filter-ID
value needed.
You will use this filter-ID in the assignment rule for the name of the
Universal ZTNA policy
in the next step. You can find the filter-ID in the User Profile Assignment
Rule section of the SSID configuration under the Value column
heading.
-
Create Universal ZTNA policies
using the ExtremeCloud IQ
filter-IDs as the policy name.
The policy name is used in the RADIUS response for user authentication:
as follows:
- Select
- Set the name of the policy to the filter-ID from the assignment rule and
add access groups and conditions. The network section is ignored for ExtremeCloud IQ
policies; only the name, access groups (user groups or device groups),
and conditions are used. If this policy is being used with another
operating system,complete the network sections..
-
(Optional) You can force a
reauthorization in ExtremeCloud IQ wireless by doing the following:
-
From the ExtremeCloud IQ main navigation, select
-
Select the floor map
where the client access point is located.
-
Select the access point
and select Disconnect next to your client's station
address.