About This Guide
- Intended Audience
- How to Use This Guide
- Safety Information
- Sicherheitshinweise
- Consignes De S??curit??
- Text Conventions
- Providing Feedback to Us
- Getting Help
- Related Publications
Overview of the ExtremeWireless Solution
- Introduction
  - The ExtremeWireless Appliance
- Conventional Wireless LANs
- Elements of the ExtremeWireless Solution
  - Extreme Networks Extreme Management Center Integration
- ExtremeWireless and Your Network
- ExtremeWireless Appliance Product Family
Configuring the ExtremeWireless Appliance
- System Configuration Overview
- Logging on to the ExtremeWireless Appliance
- Wireless Assistant Home Screen
- Working with the Basic Installation Wizard
- Configuring the ExtremeWireless Appliance for the First Time
- Using a Third-party Location-based Solution
  - Configuring Location-Based Services
- Additional Ongoing Operations of the System
Configuring the ExtremeWireless APs
- Wireless AP Overview
- Discovery and Registration
- AP3916ic Integrated Camera Deployment
  - Camera Direct Stream Subscription
  - AP3916ic-Camera Web User Interface
    - Accessing the Camera Web User Interface
    - Camera UI Basic Functions
- Wireless AP Default Configuration
  - Configuring the Default Wireless AP Settings
- Configuring Wireless AP Properties
- Assigning Wireless AP Radios to a VNS
  - Assigning WLAN Services to Wired Client Ports
- Configuring Wireless AP Radio Properties
- Configuring IoT Properties
- Setting Up the Wireless AP Using Static Configuration
  - Configuring VLAN Tags for Wireless APs
- Setting Up 802.1x Authentication for a Wireless AP
- Configuring Co-Located APs in Load Balance Groups
- Configuring an AP Cluster
- Configuring an AP as a Guardian
- Configuring a Captive Portal on an AP
  - Configuring Firewall Friendly External Captive Portal on an AP
  - Controlling Network Access on the AP
- Performing AP Software Maintenance
- Understanding the ExtremeWireless LED Status
Configuring Topologies
- Topology Overview
- Configuring the Admin Port
- Configuring a Basic Data Port Topology
  - Configuring a Basic Topology
- Creating a Topology Group
- Edit or Delete a Topology Group
- Enabling Management Traffic
- Layer 3 Configuration
- Exception Filtering
- Multicast Filtering
Configuring Roles
- Roles Overview
- Configuring Default VLAN and Class of Service for a Role
- Policy Rules
Configuring WLAN Services
- WLAN Services Overview
- Third-party AP WLAN Service Type
- Configuring a Basic WLAN Service
  - Advanced WLAN Service Configuration
- Configuring Privacy
- Configuring Accounting and Authentication
- Configuring QoS Modes
  - Defining the DSCP and Service Classifications
- Configuring Hotspots
  - To Configure a New Hotspot
Configuring a VNS
- Configuring a VNS
  - Controller Defaults
- VNS Global Settings
- Methods for Configuring a VNS
- Manually Creating a VNS
  - Creating a VNS Manually
- Creating a VNS Using the Wizard
- Enabling and Disabling a VNS
- Renaming a VNS
- Deleting a VNS
Configuring Classes of Service
- Classes of Service Overview
- Configuring Classes of Service
- CoS Rule Classification
- Priority and ToS/DSCP Marking
  - Configuring ToS/DSCP Marking
- Rate Limiting
Configuring Sites
- VNS Sites Overview
- Configuring Sites
- Recommended Deployment Guidelines
  - Defining Roles, CoS, and RADIUS Servers for Local RADIUS Authentication
- Radius Configuration
- Selecting AP Assignments
- Selecting WLAN Assignments
Working with a Mesh Network
- About Mesh
- Simple Mesh Configuration
- Wireless Repeater Configuration
- Wireless Bridge Configuration
- Examples of Deployment
- Mesh WLAN Services
  - Mesh Setup with a Single Mesh WLAN Service
  - Mesh Setup with Multiple Mesh WLAN Services
- Key Features of Mesh
- Deploying the Mesh System
- Changing the Pre-shared Key in a Mesh WLAN Service
Working with a Wireless Distribution System
- About WDS
- Simple WDS Configuration
- Wireless Repeater Configuration
- Wireless Bridge Configuration
- Examples of Deployment
- WDS WLAN Services
  - WDS Setup with a Single WDS WLAN Service
  - WDS Setup with Multiple WDS WLAN Services
- Key Features of WDS
- Deploying the WDS System
- Changing the Pre-shared Key in a WDS WLAN Service
Availability and Session Availability
- Availability
- Session Availability
  - Events and Actions in Session Availability
  - Enabling Session Availability
- Viewing SLP Activity
Configuring Mobility
- Mobility Overview
- Mobility Domain Topologies
- Configuring a Mobility Domain
  - Designating a Mobility Manager
  - Designating a Mobility Agent
Working with Third-party APs
- Defining Authentication by Captive Portal for the Third-party AP WLAN Service
- Defining the Third-party APs List
- Defining Policy Rules for the Third-party APs
Working with ExtremeWireless Radar
- Radar Overview
- Radar Components
- Radar License Requirements
  - AP Limitations
- Radar Scan Profiles
  - In-Service Scan Profiles
  - Guardian Scan Profiles
- Enabling the Analysis Engine
- Viewing Existing Scan Profiles
- Adding a New Scan Profile
- Configuring an In-Service Scan Profile
- Configuring a Guardian Scan Profile
- Maintaining the Radar List of APs
- Working with Radar Reports
Working with Location Engine
- Location Engine Overview
- Location Engine on the Controller
- Deploying APs for Location Aware Services
- Configuring the Location Engine
Working with Reports and Statistics
- Application Visibility and Device ID
- Viewing AP Reports and Statistics
- Viewing All Clients
  - Displaying Client Details
    - Client Search Facility
    - Viewing Client MAC and OUI
- Viewing Role Filter Statistics
- Viewing Topology Reports
- Viewing Mobility Reports
- Viewing Controller Status Information
- Viewing Routing Protocol Reports
- Viewing RADIUS Reports
- Call Detail Records (CDRs)
Performing System Administration
- Performing Wireless AP Client Management
  - Adding Clients to a Blacklist
- Defining Wireless Assistant Administrators and Login Groups
  - Modifying Admin Password
  - Removing Administrator
Logs, Traces, Audits and DHCP Messages
- ExtremeWireless Appliance Messages
- Working with Logs
- Viewing Wireless AP Traces
- Viewing Audit Messages
- Viewing the DHCP Messages
- Viewing the NTP Messages
- Viewing Software Upgrade Messages
- Viewing Configuration Restore/Import Messages
Working with GuestPortal Administration
- About GuestPortals
- Adding New Guest Accounts
- Enabling or Disabling Guest Accounts
- Editing Guest Accounts
- Removing Guest Accounts
- Importing and Exporting a Guest File
- Viewing and Printing a GuestPortal Account Ticket
- Working with the Guest Portal Ticket Page
- Configuring Guest Password Patterns
  - To Configure a Guest Password Pattern
- Configuring Web Session Timeouts
Regulatory Information
- ExtremeWireless APs 37XX , 38XX, and 39XX
Default GuestPortal Ticket Page
- Example Ticket Page
  - Placeholders Used in the Default GuestPortal Ticket Page
  - Default GuestPortal Ticket Page Source Code

Configuring the RADIUS Login Authentication Mode

The local login authentication mode is enabled by default. You can change the local login authentication mode to RADIUS-based authentication.

Note

Before you change the default local login authentication to RADIUS-based authentication, you must configure the RADIUS Server on the Global Settings screen. For more information, see VNS Global Settings.

RADIUS is a client/server authentication and authorization access protocol used by a network access server (NAS) to authenticate users attempting to connect to a network device. The NAS functions as a client, passing user information to one or more RADIUS servers. The NAS permits or denies network access to a user based on the response it receives from one or more RADIUS servers. RADIUS uses User Datagram Protocol (UDP) for sending the packets between the RADIUS client and server.

You can configure a RADIUS key on the client and server. If you configure a key on the client, it must be the same as the one configured on the RADIUS servers. The RADIUS clients and servers use the key to encrypt all RADIUS packets transmitted. If you do not configure a RADIUS key, packets are not encrypted. The key itself is never transmitted over the network.

Note

Before you configure the system to use RADIUS-based login authentication, you must configure the Service-Type RADIUS attribute on the RADIUS server.

EWC uses the standard RADIUS attribute Service-Type to put the user into the appropriate groups:

Administrator Service-Type = 6
Read-Only Service-Type = 7
GuestPortal Manager Service-Type = 8

To configure the RADIUS login authentication mode:

From the top menu, click Controller.
In the left pane, click Administration > Login Management. The Login Management screen displays.
Click the RADIUS Authentication tab.
In the Authentication mode section, click Configure.
The Login Authentication Mode Configuration window is displayed.
Select the RADIUS checkbox.
If the Local checkbox is selected, deselect it.
Click OK.
From the drop-down list, located next to the Use button, select the RADIUS Server that you want to use for the RADIUS login authentication, and then click Use. The RADIUS Server‘s name is displayed in the Configured Servers box, and in the Auth section, and the following default values of the RADIUS Server are displayed.
Note
The RADIUS Servers displayed in the list located against the Use button are defined on Global Settings screen. For more information, see VNS Global Settings.

The following values can be edited:
- NAS IP address — The IP address of Network Access Server (NAS).
- NAS Identifier — The Network Access Server (NAS) identifier. The NAS identifier is a RADIUS attribute that identifies the server responsible for passing information to designated RADIUS servers, and then acting on the response returned.
- Auth Type — The authentication protocol type (PAP, CHAP, MS-CHAP, or MS-CHAP2).
- Set as Primary Server — Specifies the primary RADIUS server when there are multiple RADIUS servers.
To add additional RADIUS servers, repeat Step 7.
Note
You can add up to three RADIUS servers to the list of login authentication servers. When you add two or more RADIUS servers to the list, you must designate one of them as the Primary server. The controller first attempts to connect to the Primary server. If the Primary Server is not available, it tries to connect to the second and third server according to their order in the Configured Servers box. You can change the order of RADIUS servers in the Configured Servers box by clicking on the Up and Down buttons.
Click Test to test connectivity to the RADIUS server.
Note
You can also test the connectivity to the RADIUS server after you save the configuration. If you do not test the RADIUS server connectivity, and you have made an error in configuring the RADIUS-based login authentication mode, you will be locked out of the controller when you switch the login mode to the RADIUS login authentication mode. If you are locked out, access Rescue mode via the console port to reset the authentication method to local.

The following window is displayed.
In the User ID and the Password boxes, type the user‘s ID and the password, which were configured on the RADIUS Server, and then click Test. The RADIUS connectivity result is displayed.

Note

To learn how to configure the User ID and the Password on the RADIUS server, refer to your RADIUS server‘s user guide.

If the test is not successful, the following message will be displayed:

If the RADIUS connectivity test displays “Successful” result, click Save on the RADIUS Authentication screen to save your configuration.

The following window is displayed:
If you tested the RADIUS server connectivity earlier in this procedure, click No. If you click Yes, you will be asked to enter the RADIUS server user ID and password.
To change the authentication mode to RADIUS authentication, click OK.
You will be logged out of the controller immediately. You must use the RADIUS login user name and password to log on the controller.

To cancel the authentication mode changes, click Cancel.

Published May 2017prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback