Adding AAA NAS

Configuration → AAA → NAS → Add

Use the add NAS (Network Access Server) screen to configure RADIUS clients and their shared secret. Authentication requests received from RADIUS clients specified here are accepted by the ExtremeGuest RADIUS server. You can configure a single IP address or an IP subnet.

Starting with this release, ExtremeGuest can be deployed as the external authenticating server for the ExtremeCloud Appliance and ExtremeControl managed networks.

The ExtremeGuest AAA (Authentication, Authorization, and Accounting) NAS configuration (IP address/IP subnet and shared secret) should always point to the RADIUS client, the host sending the RADIUS request to the ExtremeGuest RADIUS server.
  • In WiNG deployments - the RADIUS client could be the controller, RF Domain manager or individual APs. If the RADIUS request is being proxied through the controller or RF Domain manager, configure the IP address and shared secret of the controller or RF Domain manager respectively. If the APs are directly communicating with the ExtremeGuest RADIUS server, configure the IP address and shared secret of each AP.
    Note

    Note

    The shared secret configured here should match with the RADIUS server shared secret configured in the AAA policy on the WING device (controller/RF Domain manager/APs).
  • In ExtremeCloud Appliance deployments - the RADIUS client is the ExtremeCloud Appliance host. Configure the IP address/IP subnet and shared secret of the ExtremeCloud Appliance host.
    Note

    Note

    The shared secret configured here should match with the RADIUS server shared secret configured in the AAA policy on the ExtremeCloud Appliance server.
  • In ExtremeControl deployments - the RADIUS client is the ExtremeControl host. Configure the IP address/IP subnet and shared secret of the ExtremeControl host.
    Note

    Note

    The shared secret configured here should match with the RADIUS server shared secret configured under Access Control → Configurations → AAA → RADIUS Servers on the ExtremeControl server.

To add AAA Networks:

  1. Go to Configuration → AAA from the navigation menu.
    The Authorization screen displays by default.
  2. Select the NAS tab.
    A list of existing AAA NAS configurations is displayed.
  3. Select the GUID-BA8E61C7-AFCB-4AE1-8D32-83BD126D691A-low.png icon to create a new NAS configuration.
    The add AAA NAS screen displays.
    Click to expand in new window
    AAA NAS Add Screen
    GUID-88B21BFA-F3FE-46B7-A853-AB0D012D352A-low.png
  4. Configure the following settings:
  5. Name Specify a unique name for the new AAA network.
    Note

    Note

    This setting is mandatory.
    Description Specify a description for the new AAA network.
    Note

    Note

    This setting is mandatory.
    IP Address / mask Displays the IP address and network mask associated with each network.
    Note

    Note

    This setting is mandatory.
    Shared Secret Enter the RADIUS client shared secret password in the Shared Secret field. This password is for authenticating the RADIUS NAS clients. Select the Show check box to expose the shared secret's actual character string, leaving the option unselected displays the shared secret as a string of asterisks (*).
    Note

    Note

    The shared secret configured here should be the same as the one configured in the AAA RADIUS server context on the WiNG device, ExtremeCloud Appliance, or ExtremeControl depending on where the network is configured.

  6. Select Save to save your changes.
    Select Cancel to discard the new AAA network.