AAA RADIUS Authentication

You have options when configuring AAA Authentication:

Use the local Network Access Control (NAC) to terminate or proxy a RADIUS authorization and accounting request.
Use the local Network Access Server (NAS) to distribute RADIUS requests.

If you are going to authenticate with the Local Named Repository, opt for configuring authentication through the local NAC. If you are going to use an external RADIUS server, you have the option to configure the RADIUS server through the local NAC, through the local NAS, or connect directly to the RADIUS server, bypassing ExtremeCloud IQ Controller.

To configure AAA Policy for external RADIUS, bypassing ExtremeCloud IQ Controller, go to Configure > AAA Policy.
To configure AAA RADIUS servers within the local NAC, go to Onboard > AAA.

The RADIUS Authorization and Accounting transactions occur between the Network Access Server (NAS) on ExtremeCloud IQ Controller and the RADIUS server without involving NAC.

However, you have the option to configure Access Control Rules within the local NAC, making use of automated policy management. Access Control Rules enable you to apply network access permissions and restrictions based on defined rules. The rules can address network resources, a user's role or purpose in the organization, or the device type that is used to access the network. Network access control is dynamic. End-user network access can change as group associations change without a network administrator getting involved.

Regardless of the RADIUS configuration method you choose, you can easily configure RADIUS attributes and find support for RADIUS Change of Authorization (CoA).