User's Guide
Advanced Configuration Profile Settings
From the Edit Profile page, select Advanced and configure the following parameters:

Table 41: Advanced Configuration Profile Settings

Field: Client Balancing
Description: Enable Client Balancing to distribute client traffic evenly between APs in the same device group. In an availability pair, create a device group on each appliance. The APs within each group will manage the user traffic within that group.

Field: Secure Tunnel
Description: Provides encryption, authentication, and key management between the APs and/or the appliance.
Valid values are:
• Off — Secure Tunnel is turned off and no traffic is encrypted. All SFTP/SSH/HTTP traffic works normally.
• Control & Data — This mode only benefits Bridged@AC VLAN topologies. An IPsec tunnel is established from the AP to the appliance and all SFTP/SSH/HTTP/WASSP control and data traffic is encrypted. The AP skips the registration and authentication phases, and when selected, the Secure Tunnel feature can be configured. This is the default setting.
• Debug — An IPsec tunnel is established from the AP to the appliance, no traffic is encrypted, and all SFTP/SSH/HTTP/WASSP traffic works normally. The AP skips the registration and authentication phases and when selected, the Secure Tunnel feature can be configured.

Field: Enforce Manufacturing Certificate
Description: Enforce usage of Extreme PKI (Public Key Infrastructure) when establishing an IKE (Internet Key Exchange) tunnel. Both APs and controllers have Extreme CA certificates installed.
When this setting is enabled, the controller accepts only APs that provide Extreme PKI.
Note: Supported on the Defender Adapter SA201 and on the ExtremeWireless access point models: AP39xx, AP3xx, AP4xx, and AP5xx.
This setting is not supported on the AP305C, AP410C, and AP460C access point models.
There must be successful mutual authentication between the AP and the controller. If either side of the authentication fails, the tunnel is rejected.
When this setting is enabled, APs that are not PKI capable (self-signed certificates) are not able to connect to the controller.
The default is to clear this option. When this setting is cleared, the controller accepts the AP with a self-signed certificate.
With either type of certificate, the certificate type must match in both directions before the authenticated tunnel is established.
Authentication failure messages are logged in the Extreme Campus Controller Events Log.
You can override the configuration Profile setting for one or more individual APs from the Advanced > Overrides dialog for the selected AP.
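
The following audit is an added example, not part of this guide or of Extreme Campus Controller. It resolves each AP's effective Secure Tunnel and Enforce Manufacturing Certificate values (profile value, then per-AP override) and flags the cases the table describes. The inventory layout, field names (secure_tunnel, enforce_mfg_cert), profile names and AP names are hypothetical and constructed for illustration; they are not a product export format or API.

```python
import re

# Models named in the table. Strings are assumed to be base model names.
UNSUPPORTED = {"AP305C", "AP410C", "AP460C"}
SUPPORTED_RE = re.compile(r"^AP(39\d{2}|[345]\d{2})(?!\d)")  # AP39xx, AP3xx, AP4xx, AP5xx

def supports_enforcement(model):
    """True if the table lists the model as supporting Enforce Manufacturing Certificate."""
    m = model.upper()
    if m in UNSUPPORTED:
        return False
    return m == "SA201" or bool(SUPPORTED_RE.match(m))

def audit(profiles, aps):
    """Return (ap_name, finding) pairs based on each AP's effective Advanced settings."""
    findings = []
    for ap in aps:
        # A per-AP override (Advanced > Overrides) wins over the profile value.
        cfg = {**profiles[ap["profile"]], **ap.get("override", {})}
        if cfg["secure_tunnel"] in ("Off", "Debug"):
            findings.append((ap["name"],
                             f"Secure Tunnel is {cfg['secure_tunnel']}: no traffic is encrypted"))
        if not supports_enforcement(ap["model"]):
            if cfg["enforce_mfg_cert"]:
                findings.append((ap["name"],
                                 f"certificate enforcement is not supported on {ap['model']}"))
        elif not cfg["enforce_mfg_cert"]:
            findings.append((ap["name"],
                             "enforcement cleared: self-signed AP certificate is accepted"))
    return findings

# Constructed sample inventory (hypothetical names and layout).
PROFILES = {
    "campus-default": {"secure_tunnel": "Control & Data", "enforce_mfg_cert": True},
    "lab": {"secure_tunnel": "Debug", "enforce_mfg_cert": False},
}
APS = [
    {"name": "ap-lobby", "model": "AP410i", "profile": "campus-default"},
    {"name": "ap-lab-1", "model": "AP3915i", "profile": "lab"},
    {"name": "ap-dock", "model": "AP305C", "profile": "campus-default"},
    {"name": "ap-annex", "model": "AP510i", "profile": "campus-default",
     "override": {"secure_tunnel": "Off"}},
]

if __name__ == "__main__":
    for name, finding in audit(PROFILES, APS):
        print(f"{name}: {finding}")
```

Authentication failures that result from enabling enforcement appear in the Events Log, so review it after changing the setting on a profile that covers many APs.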
Extreme Campus Controller User Guide for version 5.46.03