You must create a wireless network SSID with Enterprise 802.1X (WPA/WPA2/WPA3) access security. This option requires users to authenticate themselves by entering a user name and password, which are checked against a RADIUS authentication server.

Extreme Networks devices use the wireless network (SSID) RADIUS server group, which can include up to four RADIUS servers, for RADIUS lookups, unless there is a device classification rule directing them to a different group based on their location or other parameters. The servers in the group can be external RADIUS servers, Extreme Networks A3 RADIUS servers, Extreme Networks RADIUS servers, Extreme Networks proxy servers, or a combination of these four types. Use this task for your configuration.

- Choose a RADIUS server group profile name.
- Enter an optional server group description.
- Select Settings next to the description field and enter or select the following:
  - Retry Interval: Enter the retry time for Access-Requests to an unresponsive primary RADIUS server. The device retries the primary server after the interval elapses, even if the current backup server is responding.
    Note: You cannot enter commas in this field. 100,000,000 must be entered as 100000000.
  - Accounting Interim Update Interval: Set the interval for sending RADIUS accounting updates to report the client session status and cumulative length.
    Note: You cannot enter commas in this field. 100,000,000 must be entered as 100000000.
  - Permit Dynamic Change Of Authorization Messages (RFC 3576): Enable the RADIUS server to dynamically change a user's authorization or to disconnect a user per RFC 3576. When you enable this parameter, devices acting as RADIUS authenticators can accept unsolicited disconnect and Change of Authorization (CoA) messages from a RADIUS authentication server, such as GuestManager, per RFC 3576. Disconnect messages terminate a user's session immediately, and CoA messages modify session authorization attributes such as VLANs and user profile IDs.
  - Inject Operator-Name attribute: Select to include the Operator-Name attribute in the Access-Request and Accounting-Request messages that the Extreme Networks RADIUS authenticators send to the RADIUS authentication server. This attribute's value is the domain name suffix of the Extreme Networks authenticator, usually assigned by DHCP, and helps to identify the source of authentication requests. Providing source information like this can aid in troubleshooting authentication problems.
  - Message Authenticator attribute: The Message Authenticator is used to authenticate the RADIUS server's reply and to encrypt passwords.
- From the RADIUS server lists, select up to four existing servers to add to your wireless network (SSID) RADIUS server group.
- Select Save RADIUS Settings and Save RADIUS.

Note: In addition to those set by you or by default, Extreme Networks APs report updated DHCP-snooped IP addresses of associated clients to the RADIUS server asynchronously, or as soon as the information is available.

Return to the Wireless Network screen to complete the Network Policy configuration.
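
The check an authenticator has to make before acting on an unsolicited Disconnect or CoA message, as an added example (not Extreme Networks code): RFC 3576 has the sender compute the Request Authenticator the same way as for an Accounting-Request, so a message that does not verify against the shared secret is dropped. The shared secret, the user name and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Packet codes defined by RFC 3576
DISCONNECT_REQUEST = 40
COA_REQUEST = 43


def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_request(code, identifier, attributes, secret):
    """Build a Disconnect/CoA request the way a RADIUS server would send it."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    # Request Authenticator =
    #   MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)
    auth = hashlib.md5(header + b"\x00" * 16 + attributes + secret).digest()
    return header + auth + attributes


def classify_request(packet, secret):
    """Return 'disconnect' or 'coa' for an authentic request, else None."""
    if len(packet) < 20:
        return None
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        return None
    if length < 20 or length > len(packet):
        return None
    packet = packet[:length]  # octets beyond Length are padding
    expected = hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:] + secret).digest()
    # Constant-time comparison of the received authenticator
    if not hmac.compare_digest(packet[4:20], expected):
        return None
    return "disconnect" if code == DISCONNECT_REQUEST else "coa"


# Constructed sample: shared secret and a Disconnect-Request for user "alice"
SECRET = b"constructed-shared-secret"
SAMPLE = build_request(DISCONNECT_REQUEST, 7, attr(1, b"alice"), SECRET)

if __name__ == "__main__":
    print(classify_request(SAMPLE, SECRET))           # authentic request
    print(classify_request(SAMPLE, b"wrong-secret"))  # rejected
```

This covers packet authenticity only; RFC 3576 also discusses replay protection, which is not shown here.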