Setting Default AAA Config

Configure authentication using one or more methods of authentication. With RADIUS and Local authentication, you have the option to configure an LDAP server as a backup. When you choose RADIUS or LDAP authentication, you have the option to authenticate MAC Addresses locally.

To specify a default configuration for AAA:

  1. Go to Onboard > AAA and select RADIUS Servers.
  2. Click Default AAA Config.
  3. Configure the following parameters for the default configuration:
    Table 1. Default AAA Configuration Parameters
    Field Description
    Authentication Method Determines the method for user authentication. Additional authentication parameters depend on the method you select here. Valid values are:
    • RADIUS. RADIUS Server authenticates user.
    • Local. ExtremeCloud IQ Controller authenticates user.
    • LDAP. LDAP server authenticates user.
    Note: Internal Captive Portal supports Local and LDAP authentication only, providing validation of client acceptance status based on provided credentials. Indication of a specific role for policy assignment change is not supported.
    When using RADIUS or LDAP authentication First authenticate with configured RADIUS server, then use LDAP server. Copy the Distinguished Name from the LDAP server.
    • Primary RADIUS — IP address of primary RADIUS server
    • Backup RADIUS — IP address of backup RADIUS server.
    • LDAP Configuration — Indicates the LDAP Configuration to use as a default. Select from one of the configured LDAP Configurations.
    When using Local or LDAP authentication First authenticate locally, then use LDAP server. Copy the Distinguished Name from the LDAP server.
    • LDAP Configuration — Indicates the LDAP Configuration to use as a default. Select from one of the configured LDAP Configurations.
    Authenticate Locally for MAC Authenticate the MAC address on ExtremeCloud IQ Controller. Do not authenticate MAC address on the RADIUS server.
9038918-00 Rev. AA