Adding AAA Authorization

Configuration → AAA → Authorization → Add

To add AAA Authorization policy:

  1. Go to Configuration → AAA .
    The Authorization screen displays by default.
  2. Select theGUID-BA8E61C7-AFCB-4AE1-8D32-83BD126D691A-low.pngicon to add a new authorization profile.
    The add Authorization screen displays.
    Click to expand in new window
    AAA Authorization Add Screen
    GUID-4AC15187-1C34-4A32-8D21-6AC2F67F3B1A-low.png
  3. Configure the following settings:
  4. Name Specify a unique designation for the new authorization profile.
    Note

    Note

    This setting is mandatory.
    Description Enter a description for the new authorization profile.
    Note

    Note

    This setting is mandatory.
    VLAN Use the spinner controls to assign a specific VLAN to this RADIUS user group. Ensure Dynamic VLAN assignment (single VLAN) is enabled for the network and RADIUS VLAN assignment is configured in the captive portal policy in order for the VLAN assignment to work properly.
    Network SSID Assign a list of SSIDs users within this RADIUS group are allowed to associate with. Assign WLAN SSIDs representative of the configurations a guest user will need to access.
    Rate Limit From Air Set the rate limit for clients within the RADIUS group. Use the spinner to set value from 100-1,000,000 Kbps.
    Note

    Note

    Leave this field blank to disable rate limiting.
    Rate Limit To Air Set the rate limit from clients within the RADIUS group. Use the spinner to set value from 100-1,000,000 Kbps.
    Note

    Note

    Leave this field blank to disable rate limiting.
    Inactivity Timeout Set an inactivity timeout from 60 - 86,400 seconds. If a frame is not received from a client within the set time, the current session is terminated.
    Session Timeout Enable this option to set a client session timeout from 5 - 144,000 minutes. This is the session time a client is granted upon successful authentication. Upon expiration, the RADIUS session is terminated.
    Block Time Specify a Block Time to control the amount of time before a user can reconnect after their session ends.
    Application Policy Specify an Application Policy to associate with this authorization profile.
    Role (Filter-ID) Specify a Role to associate with this authorization profile.
    Note

    Note

    If you are deploying ExtremeGuest as the external authentication server for ExtremeCloud Appliance or ExtremeControl managed networks, ensure the Role (Filter-ID) value is the same as the roles configured in the ExtremeGuest captive-portal configurations set on ExtremeCloud Appliance and ExtremeControl servers.

  5. In the Schedule section, select Restrict Access to restrict network access to certain days or time.
    By Time Select this option to set an access time period. When selected, the Start and End options are enabled. Schedule the network access time period. Guest users will have daily access only during the time specified here.
    By Day of Week Select this option to limit access on certain days of the week. Guest users will have access only on the days specified here.
    Note

    Note

    Use both options to restrict access to a specific time on specific days.
  6. Select Save to save your changes or select Cancel to discard the new authorization policy.