Specifications
Configuring Access Point Security
Altitude 3500 Series Access Point Product Reference Guide
220
WARNING!
If you have imported a Server or CA certificate, the certificate will not be saved when updating the
access point’s firmware. Export your certificates before upgrading the access point’s firmware. From the access
point CLI, use the admin(system.cmgr)> expcert command to export the certificate to a secure location.
4 Use the Radius Client Authentication table to configure multiple shared secrets based on the subnet
or host attempting to authenticate with the RADIUS server. Use the
Add button to add entries to the
list. Modify the following information as needed within the table.
5 Click Apply to save any changes to the RADIUS Server screen. Navigating away from the screen
without clicking Apply results in all changes to the screen being lost.
6 Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings
displayed on the RADIUS Server screen to the last saved configuration.
7 Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before
the applet is closed.
Configuring LDAP Authentication
When the RADIUS Data Source is set to use an external LDAP server (see “Configuring the Radius
Server” on page 217), the LDAP screen is used to configure the properties of the external LDAP server.
To configure the LDAP server:
1 Select System Configuration > User Authentication > Radius Server > LDAP from the menu tree.
NOTE
For the onboard RADIUS server to work with Windows Active Directory or open LDAP as the database,
the user has to be present in a group within the organizational unit. The same group must be present within the
onboard RADIUS server’s database. The group configured within the onboard RADIUS server is used for group
policy configuration to support a new Time Based Rule restriction feature.
NOTE
The LDAP screen displays with unfamiliar alphanumeric characters (if new to LDAP configuration).
Extreme Networks recommends only qualified administrators change the default values within the LDAP screen.
Subnet/Host Defines the IP address of the subnet or host that will be
authenticating with the RADIUS server. If a WLAN has
been created to support mesh networking, then enter the
IP address of mesh client bridge in order for the MU to
authenticate with a base bridge.
Netmask Defines the netmask (subnet mask) of the subnet or host
authenticating with the RADIUS server.
Shared Secret Click the Passwords button and set a shared secret used
for each host or subnet authenticating against the RADIUS
server. The shared secret can be up to 7 characters in
length.