Preface
- Text Conventions
- Providing Feedback to Us
- Getting Help
- Related Publications
About This Guide
- Who Should Use This Guide
- How to Use This Guide
Introduction to the CLI
- CLI Wizard
- CLI Structure
- Account Types
Common Commands
- apply
- end
- exit
- help
- logout
- no
- show
root Commands
- audit
- availability
  - pair
  - pairip
  - pairrole
  - fast_failover
  - link_timeout
  - sync-config
  - sync-mu
- backup
- no backup
- copy
- host-attributes
  - hostname
  - domain
  - dns
    - dns
    - move
- export
- no export
- flash
- no flash
- healthpoll
- import
- key
  - activate
  - ecap
- lanset
- loglevel
- ping
- radtest
- radtest_mba
- reset
- restart
- restore
- secureconnection
  - secret
  - weak-ciphers
- show
  - show ac version
  - show active-user
  - show ap (AP Configuration)
  - show ap_certificate
  - show ap_certreq
  - show ap_inventory
  - show app (Application Group)
  - show apup
  - show audits
  - show availability
  - show backup
  - show cdrs
  - show clients apserial
  - show clients vns
  - show run-config
  - show dns
  - show export
  - show flash
  - show healthpoll
  - show import
  - show import_status
  - show key
  - show l2ports
  - show lanset
  - show log
  - show loglevel
  - show ospf
  - show policy
  - show report channel_inspector
  - show role
  - show report
  - show restore
  - show routes
  - show schedule_ backup
  - show schedule_upgrade
  - show snmp
  - show stats
  - show syslog
  - show system_state
  - show tech_support
  - show time
  - show time-config
  - show topology
  - show traffic_capture
  - show upgrade
  - show upgrade_backup_dest
  - show upgrade_history
  - show upgrade_image_src
  - show users
  - show vnsmode
  - show vnsmode radius
  - show web
  - show wlans
- shutdown
- tech_support
- traceroute
- upgrade ac
- upgrade apup
- upgrade_backup_dest
- upgrade_image_src
ap Commands
- ap Context
  - access
  - blacklist
  - defaults
    - ap37xx
    - ap38xx
    - ap3801
    - 3912FCC and 3912ROW
    - 3935FCC
    - 3935ROW
    - 3965FCC
    - 3965ROW
    - assign
      - wlans-list
      - wlan-foreign-ap
    - learnac
    - move
  - load-groups
  - lpm-override
  - maintenance
    - upgrd
  - registration
  - remove
  - search
  - serial
  - <serial>
    - 802_1x
      - eap
      - gen_certreq
      - peap
    - aclist
    - ap_env
    - apip
    - balanced-power
    - bcast_disassoc
    - bgway
    - client_session
    - country
    - desc
    - ipmcast-assembly
    - lacp
    - lbs-status
    - led-mode
    - lldp
    - location
    - move
    - name
    - persistent
    - poll_timeout
    - port-setting
    - professional_antenna
      - leftantenna-radio1
      - leftantenna-radio2
      - middleantenna-radio1
      - middleantenna-radio2
      - rightantenna-radio1
      - rightantenna-radio2
      - 3935e ports
      - show- antennas
    - radio1
    - radio2
    - real_capture
    - secure-tunnel
    - secure-tunnel-lifetime
    - show
    - ssh
    - tunnel-mtu
    - usedhcp
    - vlanid
    - wlan
    - zone
- Radio Commands
  - admin-mode
  - antsel
  - atpc
  - att
  - beaconp
  - ch
  - dcs
  - domain
  - dtim
  - force-disassociate
  - frag
  - ldpc
  - max-distance
  - mcast-adaptable
  - mcast2ucast
  - minbrate
  - mode
  - n_addba_support
  - n_aggr_mpdu
  - n_aggr_mpdu_max
  - n_aggr_mpdu_max_subframes
  - n_aggr_msdu
  - n_chlwidth
  - n_guardinterval
  - n_pbthreshold
  - n_pmode
  - n_ptype
  - nonUnicastQuota
  - optimized-mcast
  - pmode
  - prate
  - preamble
  - probe-suppression
  - ptype
  - radio-actions
  - rss-threshold
  - rts
  - stbc
  - tx_adjust_power
  - txbf
  - tx_max_power
  - tx_min_power
- DCS Commands
- logs Context
- maintain_cycle Context
  - duration
  - platform
  - freq
l2ports Commands
- esaN
- jumbo-frames
- portN
  - port
- show
- <named-LAG-port>
  - lag-member
  - port
ip Commands
- route
- ospf
login Commands
- apply
- auth
  - server
  - primary
  - authset
  - move
  - radtest_login
- auth-order
- move
- show
Radar Commands
- mitigator Context
  - analysis
  - scprof
  - gsprof
  - maintenance
- Common Scan/Profile Commands
  - adhoc
  - aplist
  - blacklist-timer
  - channels
  - classification
  - concurrent-number
  - dosa
  - drop-faf
  - external-friendly
  - external-honeypot
  - internal-honeypot
  - name
  - port
  - rogue
  - rogue-prevent
  - security-scan
  - spoofed-ap
  - show
mobility Commands
- backupmanagerip
- mrole
- mport
- mheartbeat
- slpreg
- agent
- secmode
- mdismethod
- mmanagerip
schedule_backup Commands
- destination
- dir
- freq
- password
- protocol
- server
- starttime
- type
- user
schedule_upgrade Commands
- schld_upgrd
- upgrade_backup
snmp Commands
- contact
- context
- enable
- engine-id
- location
- port
- publish-ap
- rcommunity
- rwcommunity
- severity
- show
- trap-manager-v1v2
- trap-manager-v3
- user
syslog Commands
- audmsg
- facility
- stationevents
- svcmsg
- syslogip
time Commands
- clock
- date
- ntp
- ntpip
- show-continents
- show-regions
- tz
traffic_capture Commands
- file_name
- size
- interface
- delete
- list
- start
- stop
- show
- show interfaces
users Commands
- id
- pwd
VNS Commands (vnsmode)
- adminctr
- create
- custom-app
  - custom-app-list
- das
  - port
  - replay_interval
- default-role
  - show
  - sync
  - topology-name
  - acfilters
  - apfilters
- delete
- nac
  - create
  - delete
  - show
- netflow-mirror
- radius
- rateprofile
  - create
  - delete
  - show
- redirection-url-list
- <named-VNS>
  - auth
  - non-auth
  - name
  - status
  - sync
  - wlans-name
  - show
- Common Filter Configuration Commands
  - create
  - config
  - delete
  - move
wlans Commands
- clients
  - client
  - descr
  - enable
  - endofday
  - export_clients
  - import_clients
  - startofday
- create
- delete
- remote-ssid
- show
- <WLAN-service-name>
- hotspot
role Commands
- role Context
- create
- delete
- show
- <named-role>
  - access-control
  - default-cos
  - egress-vlans
  - name
  - filter-status
  - sync
  - ulfilterap
  - apcustom
  - acfilters
  - apfilters
  - show
  - traffic-mirror
  - redirection-url
- Common Filter Configuration Commands
  - create
  - config
  - delete
  - move
topology Commands
- create
- delete
- internal-vlanid
- multicast-support
- show
- <named-topology>
  - 3rd-party
  - l2
    - arp-proxy
    - multicast
      - config
      - create
      - delete
      - filter
      - move
      - show
    - port
    - show
    - tagged
    - vlanid
  - l3
    - ap-register
    - cert
    - copy-csr
    - dhcp
      - dhcp-servers
      - dls
      - dls-address
      - dns
      - domain
      - exclude
      - foreign-gateway
      - foreign-range
      - gateway
      - lease-default
      - lease-max
      - mode
      - range
      - show
      - wins
    - exceptions
      - config
      - create
      - delete
      - move
      - show
    - foreign-ip
    - gateway
    - gateway-ipv6
    - gen-certreq
    - ip
    - ipv6
    - mgmt
    - mtu
    - netmask
    - nexthop
    - ospf-advert
    - ospf-cost
    - show
  - l3presence
  - mode
  - name
  - show
  - strict-subnet
  - sync
- topology-group
  - create
  - delete
  - show
  - <topology-group-name>
    - members
    - name
    - show
    - vlanid
Location-Based-Service (lbs) Commands
- multicast
- port
- service
- server-ip
- show
- Related commands
  - lbs-status
  - show
web Commands
- guestportal-admin-timeout
- timeout
- showvns
- show
cos Commands
- create
- delete
- show
- <named-cos>
  - show
  - name
  - sync
  - use-wlan-marking
  - priority
  - tos-dscp-mask
  - rateprf-in
  - rateprf-out
  - transmit-queue
site Commands
- create
- delete
- show site
- <named-site>
RF Location Commands
- location-engine
- default-height
- auto-tracking
- default-env-mode
- floor-plan
  - export
  - import
  - delete
- on-demand
- publish
- show
- area-tracking
Publish Commands
- push
- interval
- unit
- push-list
- push-client-reporting

hs-nai-realm

Use the hs-nai-realm command from the hotspot context to configure the NAI Realm for the hotspot.

hs-nai-realm (add|delete NAI Realm EAP_method[ EAP_method] ,*) | (delete NAI Realm)

Parameters

add|delete NAI Realm EAP_method[ EAP_method],*

The the NAI (Network Access Identification) Realms list is a FQDN of the service provider. This is a list of realms that can be successfully authenticated. Each realm can have up to 8 supported EAP methods. Valid EAP Methods include:

EAP-TLS
EAP-TTLS-PAP
EAP-TTLS-CHAP
EAP-SIM-SIM
EAP-TTLS-MSCHAP
EAP-TTLS-MSCHAPv2
EAP-AKA2-USIM
EAP-AKA-USIM

Usage

Consider the following when configuring an NAI Realm list for each hotspot:

Add all realms that can authenticate a mobile device‘s log on credentials or certificate credentials, including the realms of all roaming partners that are accessible from the hotspot AP. Include the realm of the home SP.
Add a realm for the PLMN ID. This is the cellular network identity based on public land mobile network (PLMN) information.
You can configure the EAP method list to support devices that do not know the EAP methods that are being used by a given service provider.
If the device has been provisioned with the home service provider, the device does not need to use the EAP methods in the NAI Realm List. The mobile device knows the EAP method required to authenticate against its home service provider and automatically uses it.
Keep your DNS server records up to date, so that mobile devices can resolve the server domain names (FQDN).

For more information, see the ExtremeWireless User Guide.

Examples

EWC.extremenetworks.com:wlans:hs:hotspot# hs-nai-realm add LS620 EAP-TLS

Published December 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback