Using the same Centralized site:
Site_ROW, specify a
separate tagged VLAN for the AAA Network, defining a different IP address range for
the AAA Network.
Note
You can
configure more than one network on a single VLAN, but to configure a separate IP
address range for the AAA Network, we will create a separate VLAN.
-
Go to to create a new VLAN for the AAA Network.
-
Go to and configure the following parameters:
- Network Name
- Test2-AAA
- SSID
- Test2-AAA
- Status
- Enable or disable the network service. Disabling the network service
shuts off the service but does not delete it.
- Auth Type
- WPA2 Enterprise
802.1x/EAP
- AAA Policy
- Local On-boarding
This option is not displayed for WLAN Networks that do not
require authentication or authorization. The value Local Onboarding refers to RADIUS
requests that are directed through the ExtremeCloud IQ
Controller. Local Onboarding is the default value for WLAN Networks configured
for Internal Captive Portal. AAA Policy can only be configured for WLAN Networks requiring
MACAUTH, External Captive Portal, or EAP.
To use AAA Policy to bypass ExtremeCloud IQ
Controller, create a policy with RADIUS servers
and a NAS IP address, then specify the policy here. To get
started, go to . For more information, see the ExtremeCloud IQ Controller User Guide or Online Help.
- Authentication Method
- Default
- Default AAA Authentication Method
- Local
- LDAP Configuration
- None
- Default Auth Role
- Quarantine
Defines
the default Accept Policy for a client attempting to join the
network. When an authenticated client does not meet rule
conditions on an 802.1x AAA Network, the default policy role is
Quarantine.
- Default VLAN
- test2 (This is the
VLAN we created for the AAA Network.)
-
Select Save.
Note
To activate the
Scheduling
button and schedule when network services are enabled, install the Extreme Scheduler
Application on
ExtremeCloud IQ
Controller. For more information, see the
ExtremeCloud IQ Controller User Guide.
Next, work with engine rules.
