Deploying ExtremeCloud IQ-SE as an External Captive Portal

Deployment Strategy

The following strategy outlines how to configure ExtremeCloud IQ Controller to integrate with ExtremeCloud IQ Site Engine (XMC), which houses the external captive portal, handling client authentication. The portal resides on the ExtremeControl engine and ExtremeCloud IQ Controller handles the client network connections. Traffic connecting to the Guest network will send and receive all RADIUS requests from the externally defined RADIUS server, not from the ExtremeCloud IQ Controller that processes the request. The ExtremeControl engine provides RADIUS authentication and authorization and policies that are defined in ExtremeCloud IQ Site Engine.

The following outlines how to integrate ExtremeCloud IQ Controller with ExtremeCloud IQ - Site Engine, configuring an External Captive Portal on the ExtremeControl engine.
  1. If you are authentication with Local Onboarding, create a RADIUS pass-through rule on ExtremeCloud IQ Controller.
    Note

    Note

    It is possible to authenticate directly to the AAA RADIUS server. Refer to the ExtremeCloud IQ Controller User Guide for information about AAA RADIUS Authentication.
  2. Add ExtremeCloud IQ Controller to ExtremeCloud IQ - Site Engine as a switch.
  3. On ExtremeControl, create an Unregistered Policy for the ExtremeCloud IQ Controller Pass-Through Network.
  4. Edit the ExtremeControl configuration profile, associating network policy and Location-Based Services.
9038115-00 Rev. AA