About This Guide
- Intended Audience
- How to Use This Guide
- Safety Information
- Sicherheitshinweise
- Consignes De S??curit??
- Text Conventions
- Providing Feedback to Us
- Getting Help
- Related Publications
Overview of the ExtremeWireless Solution
- Introduction
  - The ExtremeWireless Appliance
- Conventional Wireless LANs
- Elements of the ExtremeWireless Solution
  - Extreme Networks Extreme Management Center Integration
- ExtremeWireless and Your Network
- ExtremeWireless Appliance Product Family
Configuring the ExtremeWireless Appliance
- System Configuration Overview
- Logging on to the ExtremeWireless Appliance
- Wireless Assistant Home Screen
- Working with the Basic Installation Wizard
- Configuring the ExtremeWireless Appliance for the First Time
- Using a Third-party Location-based Solution
  - Configuring Location-Based Services
- Additional Ongoing Operations of the System
Configuring the ExtremeWireless APs
- Wireless AP Overview
- Discovery and Registration
- AP3916ic Integrated Camera Deployment
  - Camera Direct Stream Subscription
  - AP3916ic-Camera Web User Interface
    - Accessing the Camera Web User Interface
    - Camera UI Basic Functions
- Wireless AP Default Configuration
  - Configuring the Default Wireless AP Settings
- Configuring Wireless AP Properties
- Assigning Wireless AP Radios to a VNS
  - Assigning WLAN Services to Wired Client Ports
- Configuring Wireless AP Radio Properties
- Configuring IoT Properties
- Setting Up the Wireless AP Using Static Configuration
  - Configuring VLAN Tags for Wireless APs
- Setting Up 802.1x Authentication for a Wireless AP
- Configuring Co-Located APs in Load Balance Groups
- Configuring an AP Cluster
- Configuring an AP as a Guardian
- Configuring a Captive Portal on an AP
  - Configuring Firewall Friendly External Captive Portal on an AP
  - Controlling Network Access on the AP
- Performing AP Software Maintenance
- Understanding the ExtremeWireless LED Status
Configuring Topologies
- Topology Overview
- Configuring the Admin Port
- Configuring a Basic Data Port Topology
  - Configuring a Basic Topology
- Creating a Topology Group
- Edit or Delete a Topology Group
- Enabling Management Traffic
- Layer 3 Configuration
- Exception Filtering
- Multicast Filtering
Configuring Roles
- Roles Overview
- Configuring Default VLAN and Class of Service for a Role
- Policy Rules
Configuring WLAN Services
- WLAN Services Overview
- Third-party AP WLAN Service Type
- Configuring a Basic WLAN Service
  - Advanced WLAN Service Configuration
- Configuring Privacy
- Configuring Accounting and Authentication
- Configuring QoS Modes
  - Defining the DSCP and Service Classifications
- Configuring Hotspots
  - To Configure a New Hotspot
Configuring a VNS
- Configuring a VNS
  - Controller Defaults
- VNS Global Settings
- Methods for Configuring a VNS
- Manually Creating a VNS
  - Creating a VNS Manually
- Creating a VNS Using the Wizard
- Enabling and Disabling a VNS
- Renaming a VNS
- Deleting a VNS
Configuring Classes of Service
- Classes of Service Overview
- Configuring Classes of Service
- CoS Rule Classification
- Priority and ToS/DSCP Marking
  - Configuring ToS/DSCP Marking
- Rate Limiting
Configuring Sites
- VNS Sites Overview
- Configuring Sites
- Recommended Deployment Guidelines
  - Defining Roles, CoS, and RADIUS Servers for Local RADIUS Authentication
- Radius Configuration
- Selecting AP Assignments
- Selecting WLAN Assignments
Working with a Mesh Network
- About Mesh
- Simple Mesh Configuration
- Wireless Repeater Configuration
- Wireless Bridge Configuration
- Examples of Deployment
- Mesh WLAN Services
  - Mesh Setup with a Single Mesh WLAN Service
  - Mesh Setup with Multiple Mesh WLAN Services
- Key Features of Mesh
- Deploying the Mesh System
- Changing the Pre-shared Key in a Mesh WLAN Service
Working with a Wireless Distribution System
- About WDS
- Simple WDS Configuration
- Wireless Repeater Configuration
- Wireless Bridge Configuration
- Examples of Deployment
- WDS WLAN Services
  - WDS Setup with a Single WDS WLAN Service
  - WDS Setup with Multiple WDS WLAN Services
- Key Features of WDS
- Deploying the WDS System
- Changing the Pre-shared Key in a WDS WLAN Service
Availability and Session Availability
- Availability
- Session Availability
  - Events and Actions in Session Availability
  - Enabling Session Availability
- Viewing SLP Activity
Configuring Mobility
- Mobility Overview
- Mobility Domain Topologies
- Configuring a Mobility Domain
  - Designating a Mobility Manager
  - Designating a Mobility Agent
Working with Third-party APs
- Defining Authentication by Captive Portal for the Third-party AP WLAN Service
- Defining the Third-party APs List
- Defining Policy Rules for the Third-party APs
Working with ExtremeWireless Radar
- Radar Overview
- Radar Components
- Radar License Requirements
  - AP Limitations
- Radar Scan Profiles
  - In-Service Scan Profiles
  - Guardian Scan Profiles
- Enabling the Analysis Engine
- Viewing Existing Scan Profiles
- Adding a New Scan Profile
- Configuring an In-Service Scan Profile
- Configuring a Guardian Scan Profile
- Maintaining the Radar List of APs
- Working with Radar Reports
Working with Location Engine
- Location Engine Overview
- Location Engine on the Controller
- Deploying APs for Location Aware Services
- Configuring the Location Engine
Working with Reports and Statistics
- Application Visibility and Device ID
- Viewing AP Reports and Statistics
- Viewing All Clients
  - Displaying Client Details
    - Client Search Facility
    - Viewing Client MAC and OUI
- Viewing Role Filter Statistics
- Viewing Topology Reports
- Viewing Mobility Reports
- Viewing Controller Status Information
- Viewing Routing Protocol Reports
- Viewing RADIUS Reports
- Call Detail Records (CDRs)
Performing System Administration
- Performing Wireless AP Client Management
  - Adding Clients to a Blacklist
- Defining Wireless Assistant Administrators and Login Groups
  - Modifying Admin Password
  - Removing Administrator
Logs, Traces, Audits and DHCP Messages
- ExtremeWireless Appliance Messages
- Working with Logs
- Viewing Wireless AP Traces
- Viewing Audit Messages
- Viewing the DHCP Messages
- Viewing the NTP Messages
- Viewing Software Upgrade Messages
- Viewing Configuration Restore/Import Messages
Working with GuestPortal Administration
- About GuestPortals
- Adding New Guest Accounts
- Enabling or Disabling Guest Accounts
- Editing Guest Accounts
- Removing Guest Accounts
- Importing and Exporting a Guest File
- Viewing and Printing a GuestPortal Account Ticket
- Working with the Guest Portal Ticket Page
- Configuring Guest Password Patterns
  - To Configure a Guest Password Pattern
- Configuring Web Session Timeouts
Regulatory Information
- ExtremeWireless APs 37XX , 38XX, and 39XX
Default GuestPortal Ticket Page
- Example Ticket Page
  - Placeholders Used in the Default GuestPortal Ticket Page
  - Default GuestPortal Ticket Page Source Code

Configuring Advanced RADIUS Servers Settings

From the top menu, click VNS.
In the left pane, click Global > Authentication.
In the MAC Address area, click Advanced.

Advanced RADIUS Server Settings

Configure the following parameters:

Advanced Radius Settings

Field	Description
Include Service-Type attribute in Client Access Request messages	Select if the client RADIUS Access Request message includes the "Service-Type" attribute. If included, the attribute is set to "Framed" by default.
Set Service Type to Login	If selected, the RADIUS "Service-Type" attribute of the client Access Request is set to "Login" (instead of "Framed"). Note: RADIUS-based controller administrative access also sets the Service-Type attribute to "Login". Therefore, if you enable Service Type Login here, RADIUS-based administrative access is not allowed (and vice versa).
Delay for Client Message for Topology Change	Defines a delay during client authentication when switching from one topology to another. This is relevant for Captive Portal authentication. The delay gives time for the client to be assigned an IP address for the new topology before browser redirection. Set the delay in seconds.
How should multiple RADIUS servers be used?	Select an authentication or accounting option. The selection applies to all WLAN (Wireless Local Area Network) Services and to all sites on the EWC. Round-Robin. The server is selected on a round-robin basis starting at the top of the list of approved servers. The first server is used until it fails, and that pattern continues down the list. When the last server fails, then the first server is used again. Primary-Backup. Select a primary failover server to have control over which server provides redundancy. When you select Primary-Backup, the RADIUS server assigned to the site or WLAN Service is the primary for the WLAN Service. All other RADIUS servers assigned to WLAN Service are backups for the primary and continue to be selected in a round-robin approach. For controllers in an availability pair, the Primary and Backup servers must be synchronized (enable "Synchronize System Configuration" in Availability setup) if the WLAN Services are synchronized. If the primary server has failed resulting in a backup server being used for authentication, the controller will periodically send a "Health Check" to the primary server to see if it has recovered. If the primary server has recovered, the controller starts using the primary server for all new authentications. All authentications in progress continue to use the backup server.
Use MAC-Based Authentication MAC address format for user authentication and accounting via RADIUS	Allows the administrator to override the default MAC address colon-separated format (for example 00:11:22:33:44:55) with the Global Authentication MAC Address format for the following attributes: Calling-Station-Id attribute of the RADIUS packet Called-Station-Id attribute (if Called-Station-Id is not overridden by Zone name) AP BSSID Mac in one of the vendor attributes User-Name attribute. Note: This setting is enabled for new deployments. You must manually enable this setting for upgraded deployments.
Override 802.1x Authentication Call-Station-Id format with XX-XX-XX-XX-XX-XX:SSID	Allows the administrator to override the Called-Station-Id attribute format for 802.1x authentication with the format XX-XX-XX-XX-XX-XX:SSID. This setting is disabled by default. When you select this option, the Called-Station-Id conforms to the format specified in RFC 3580 (IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines). If the RADIUS server is processing this attribute, the RADIUS server has to support this format. Note: This setting overrides the setting Use MAC-Based Authentication MAC address format for user authentication and accounting via RADIUS.
Radius Accounting	Enabling RADIUS accounting activates RADIUS accounting only in WLAN Services specifically configured to perform it. Disabling RADIUS accounting overrides the RADIUS accounting settings of individual WLAN Services.
Defer sending the accounting start request until the client's IP address is known	Specify Authentication Behavior of RADIUS servers on Server Failure. If selected, the client RADIUS Accounting Request "start" command is not sent to the RADIUS server until the client IP address is known. By default, this option is not selected and the "start" command is sent once the client is authenticated.