User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
The RADIUS Authorization and Accounting transactions occur between the Network Access Server
(NAS) on Extreme Campus Controller and the RADIUS server without involving NAC.
However, you have the option to configure Access Control Rules within the local NAC, making use of
automated policy management. Access Control Rules enable you to apply network access permissions
and restrictions based on defined rules. The rules can address network resources, a user's role or
purpose in the organization, or the device type that is used to access the network. Network access
control is dynamic. End-user network access can change as group associations change without a
network administrator getting involved.
Regardless of the RADIUS configuration method you choose, you can easily configure RADIUS
attributes and find support for RADIUS Change of Authorization (CoA).
Related Topics
Configure AAA Policy on page 289
Onboard AAA Authentication on page 295
Access Control Rules on page 320
Configure AAA Policy
You can create a AAA Policy that can be referenced through a WLAN Service, bypassing the local
Network Access Control on Extreme Campus Controller.
Note
AAA Policy can only be configured for WLAN networks requiring MACAUTH, External Captive
Portal, or EAP.
To configure a AAA network policy:
1. Go to Configure > Networks > WLANs and select a network.
AAA Policy is displayed for WLAN Networks that require authentication or authorization. The value
Local Onboarding refers to RADIUS requests that are directed through the Extreme Campus
Controller. Local Onboarding is the default value for WLAN Networks configured for Internal Captive
Portal.
2. Select an Auth Type.
The AAA Policy field displays.
3. From the AAA Policy field, select
to add a new policy, or select to edit a policy.
4. Configure the following parameters:
Name
Policy name.
Authentication Protocol
Authentication protocol type for the RADIUS server (PAP, CHAP, MS-CHAP, or MSCHAP2).
NAS IP Address
IP address of the Network Access Server (NAS).
NAS ID
A RADIUS attribute that identifies the client to a RADIUS server. The NAS-Identifier can be used
instead of an IP address to identify the client.
Configure
Configure AAA Policy
Extreme Campus Controller User Guide for version 5.46.03 289