Extreme Networks ExtremeWireless Software Solution

The Extreme Networks ExtremeWireless Software solution is an enterprise WLAN solution that consists of the following components:

Extreme Management Center and Wireless Advanced Services

The ExtremeWireless Appliance provides several network functions, including centralized management and configuration of Wireless APs, user authentication, and advanced radio frequency management.

The ExtremeWireless Appliance is driven by the ExtremeWireless Software. The software resides on the ExtremeWireless Appliance and provides an intuitive web-based interface — the ExtremeWireless Assistant — to enable you to manage the entire wireless network from a laptop or a PC connected to the network. A command line interface (CLI) is also available to manage the wireless network.

The ExtremeWireless Appliance is a fully functioning dynamic router/switch that aggregates and coordinates all Wireless APs and manages client devices. Some key features of the ExtremeWireless Appliance are described in the following sections.

Note

The word appliance is synonymous with controller. It refers to both controller devices and virtual gateways.

Web-based Centralized Management of Wireless APs

The ExtremeWireless Appliance enables you to monitor and manage Wireless APs from a centralized web-based user interface — the ExtremeWireless Assistant. You can separately configure, enable, or disable each Wireless AP from the ExtremeWireless Appliance using the ExtremeWireless Assistant.

Virtualized User Segmentation

The ExtremeWireless Appliance allows you to create and manage unique VNS (Virtual Networks Services) that enable you to group specific mobile users, devices, and applications on the basis of policy class (role), in order to provide unique levels of service, access permission, encryption, and device authorization.

A role (also known as a policy) defines the station's topology (network segment), filtering (access restrictions), and Class of Service definitions. A VNS definition consists of a WLAN Service bound to one or two roles that are applied to stations by default. Until associated with a role definition, a WLAN Service remains inactive.

When a user associates with a particular SSID (WLAN Service), the user's experience is shaped by the corresponding role that the VNS defines as its default. The user is mapped to a specific segment, the user's traffic is restricted by the role filters, and the user's network access rate is restricted as defined in the role.

However, user authentication responses (such as RADIUS (Remote Authentication Dial In User Service)) or an explicit external API call may remap the user to a different policy. The role reassignment may move the user to a completely different segment (VLAN (Virtual LAN)), access state (filters), and rate restriction setting.

Role assignment for a particular user session persists as the user roams across the mobility domain. Role assignment is independent of the underlying characteristics of the transport network and the point of presence of network devices, as well as access points.

In a properly coordinated mobility domain, the user's point of presence is retained, so as to provide a ubiquitous coverage area to the user, wherever the intended SSID is available.

ExtremeWireless Appliances can support the following number of VNSs, topologies, roles, and rate control profiles:

ExtremeWireless Appliance VNS Support

Controller   Maximum Number of
             Active VNSs   VNSs   Topologies   Roles   Rate Control Profiles
C5210        128           256    256          1024    128
C5110        128           256    256          1024    128
C4110        64            128    128          512     128
C25          16            32     32           128     128
C35          16            32     32           128     128
V2110        64            128    128          512     128

Authentication and Encryption

The ExtremeWireless Appliance and ExtremeWireless AP work together to support comprehensive authentication, encryption, and intrusion detection capabilities. A range of security features based upon the 802.11 and WPA2 standards protect your network from intrusion and attack.

An 802.1X mechanism, in conjunction with RADIUS and pre-shared key authentication, allows only authorized users to access the network. Other features include Captive Portal for redirected web-based authentication.

Radar WIDS-WIPS

ExtremeWireless Radar is a set of advanced, intelligent, Wireless-Intrusion-Detection-Service and Wireless-Intrusion-Prevention-Service (WIDS-WIPS) features that are integrated into the Wireless Controller, its APs, and the Convergence Software. Radar provides a basic solution for discovering unauthorized devices within the wireless coverage area. Radar performs basic RF network analysis to identify unmanaged APs and personal ad-hoc networks. The Radar feature set includes: dynamic channel and frequency selection support, location visualization (requires Extreme Management Center), interference classification and adaptation, and wireless intrusion detection and protection.

When Radar is enabled:

  • All APs simultaneously provide WIDS-WIPS and wireless bridging functions. The 3825, 3801, 3705, 3710, and 3715 type APs monitor and protect the channels for which they are bridging.
  • All APs, except the 3705i, can be configured as Guardian APs, which are APs dedicated to full-time intrusion detection scans and threat prevention countermeasures on all active channels. APs in Guardian mode cannot serve to bridge traffic, but can be switched to Traffic Bridging mode when necessary.
  • The APs can be configured to take active countermeasures against specific types of threat that they have detected. Available countermeasures include: sending de-authentication frames to devices and threatening APs, automatically blacklisting devices performing WIDS-WIPS attacks (when that action mitigates the attack), and rate limiting wireless frames detected as part of a Denial of Service (DoS) attack.

The full Radar feature requires a license, but a non-licensed subset of Radar functions is provided in the base Convergence Software package.

For detailed information about Radar WIDS-WIPS features and how to configure them, see the ExtremeWireless User Guide.

Automatic Assignment of IP Addresses to the Client Devices

The ExtremeWireless Appliance has a built-in DHCP (Dynamic Host Configuration Protocol) server that may be used to assign IP addresses to the client devices on specific topologies. The ExtremeWireless Appliance is also capable of working with an external DHCP server, by relaying segment DHCP requests to the configured server.

Web Authentication

The ExtremeWireless Appliance has a built-in Captive Portal capability that allows web authentication (web redirection) to take place. The ExtremeWireless Appliance is also capable of working with an external captive portal.