User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
primary server for all new authentications. All authentications in progress continue to use the
backup server.
Note
There is no correlation between the RADIUS server that is used for authentication and
the RADIUS server that is used for accounting.
Include Framed IP
Select this option to include the FRAMED-IP attribute value pair in the RADIUS ACCESS-REQ
message. You can include the user IP address in the RADIUS ACCESS-REQ through the
FRAMED-IP attribute. This can extend user access reporting capabilities. Framed IP is supported
by External Captive Portal only. Centralized Web Authentication does not support Framed IP.
Report NAS Location
Sends Network Access Server (NAS) Location per the RFC5580 Out of Band agreement. After a
NAS Location change, the new NAS Location is reported in the next RADIUS Request or RADIUS
Accounting message.
Note
Mid-session requests and the Initial Server Request for Location as described in
RFC5580 are not supported.
The following additional attributes (AVP) used by RFC5580 are supported:
• LOCATION-INFO
• LOCATION-DATA
Note
Site Location details are reported in LOCATION-DATA. For more information on Site
Location information, see Site Location on page 120.
• BASIC-LOCATION-POLICY-RULES
• OPERATOR-NAME (Described below)
Block repeated failed Authentications
Enable this setting to minimize the RADIUS server load that is created by repeated
authentication requests and failures. Authentication requests from a client are blocked for a
configurable period of time. While blocked, RADIUS requests from the client are ignored. This
setting applies to a specific WLAN. The client can continue to send authentication requests on a
dierent WLAN.
Consecutive failed Authentications must be received at the Extreme Campus Controller in the
Elapsed time for failed Authentications (Seconds) for the Quiet Timeout (Seconds) to start.
After the quiet timeout expires, the client’s RADIUS requests are forwarded to the RADIUS
server again.
When enabled, the following settings display:
Consecutive failed Authentications
The number of failed authentication attempts. Valid values are 1 to 10. Default value is 5.
Elapsed time for failed Authentications (Seconds)
Configure
AAA Policy Configure
292 Extreme Campus Controller User Guide for version 5.46.03