User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
Table 53: Advanced AP Setting Overrides (continued)
Field Description
PEAP User Name and Password Ability to configure the PEAP (Protected Extensible
Authentication Protocol) user name and password for all
devices in a device group or for a specific device override. Used
to pre-provision devices for authorization to connect to the
network. Credential and Certificate installation procedures are
supported for Wi-Fi 6 APs, AP39xx series APs, and the SA201
Adapter.
Enforce Manufacturing Certificate Enforce usage of Extreme PKI (Public Key Infrastructure) when
establishing an IKE (Internet Key Exchange) tunnel. Both APs
and controllers have Extreme CA certificates installed.
When this setting is enabled, the controller accepts only APs
that provide Extreme PKI.
Note: Supported on the Defender Adapter SA201 and on the
ExtremeWireless access point models: AP39xx, AP3xx, AP4xx,
and AP5xx.
This setting is not supported on the AP305C, AP410C, and
AP460C access point models.
There must be successful mutual authentication between the
AP and the controller. If either side of the authentication fails,
the tunnel is rejected.
When this setting is enabled, APs that are not PKI capable
(self-signed certificates) are not able to connect to the
controller.
The default is to clear this option. When this setting is cleared,
the controller accepts the AP with a self-signed certificate.
With either type of certificate, the certificate type must match
in both directions before the authenticated tunnel is
established.
Authentication failure messages are logged in the Extreme
Campus Controller Events Log.
You can configure this setting for all APs in a device group from
the device group Advanced Settings dialog. And, you can
override the device group setting for an individual AP from
here.
Configure
Access Points
Extreme Campus Controller User Guide for version 5.46.03 199