Creating the Windows Security Infrastructure
Summit WM20 Technical Reference Guide, Software Version 4.238
If the secondary IAS server authenticates and authorizes connection attempts for user accounts in
other domains, verify that the other domains have a two-way trust with the domain in which the
secondary IAS server computer is a member. Next, configure the secondary IAS server computer to
read the properties of user accounts in other domains. For more information, see the “Enable the IAS
server to read user objects in Active Directory” procedure previously described.
If there are accounts in other domains, and those domains do not have a two-way trust with the domain in
which the secondary IAS server computer is a member, you must configure a RADIUS proxy
between the two untrusted domains. If there are accounts in other Active Directory forests, you must
configure a RADIUS proxy between the forests. For more information, see “Cross-Forest
Authentication” in this article.
6 To copy the configuration of the primary IAS server to the secondary IAS server, type netsh aaaa
show config > path\file.txt at a command prompt on the primary IAS server. This stores the
configuration settings, including registry settings, in a text file. The path can be relative, absolute, or
a network path.
7 Copy the file created in the previous step to the secondary IAS server. At a command prompt on the secondary
IAS server, type netsh exec path\file.txt. This command imports all the settings configured on the
primary IAS server to the secondary IAS server.
NOTE
You cannot copy the IAS settings from an IAS server running Windows Server 2003 to an IAS server running
Windows 2000 Server.
Best Practice
If you change the IAS server configuration in any way, use the Internet Authentication Service snap-in
to change the configuration of the primary IAS server, and then repeat the export and import steps above
to synchronize those changes on the secondary IAS server.
Step 5: Deploying and Configuring Wireless APs
Deploy your wireless APs to provide coverage for all areas of your wireless network.
Configure your Summit WM Controller and Wireless APs to support WPA, WPA2, or WEP encryption
with 802.1X authentication. Additionally, configure RADIUS settings on your Summit WM Controller
with the following:
1 The IP address or name of a primary RADIUS server, the shared secret, UDP ports for authentication
and accounting, and failure detection settings.
2 The IP address or name of a secondary RADIUS server, the shared secret, UDP ports for
authentication and accounting, and failure detection settings.
To balance the load of RADIUS traffic between the two IAS servers, configure half of the wireless APs
with the primary IAS server as the primary RADIUS server and the secondary IAS server as the
secondary RADIUS server, and configure the other half of the wireless APs with the secondary IAS server
as the primary RADIUS server and the primary IAS server as the secondary RADIUS server.
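The alternating assignment described above can be planned and checked before the APs are configured. The following is an added example, not part of the guide or of any vendor tool; the server addresses, AP names, and the use of UDP ports 1812/1813 are constructed assumptions.

```python
# Added example: names, addresses and ports below are constructed assumptions.
from collections import Counter

PRIMARY_IAS = "10.0.0.10"    # constructed address of the primary IAS server
SECONDARY_IAS = "10.0.0.11"  # constructed address of the secondary IAS server
AUTH_PORT, ACCT_PORT = 1812, 1813  # standard RADIUS UDP ports (assumed in use)


def plan_radius_roles(ap_names):
    """Alternate the primary/secondary RADIUS roles across a sorted AP list."""
    plan = {}
    for index, ap in enumerate(sorted(set(ap_names))):
        first, second = ((PRIMARY_IAS, SECONDARY_IAS) if index % 2 == 0
                         else (SECONDARY_IAS, PRIMARY_IAS))
        plan[ap] = {"primary_radius": first, "secondary_radius": second,
                    "auth_port": AUTH_PORT, "acct_port": ACCT_PORT}
    return plan


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is sound."""
    problems = []
    servers = {PRIMARY_IAS, SECONDARY_IAS}
    for ap, cfg in plan.items():
        pair = {cfg["primary_radius"], cfg["secondary_radius"]}
        if pair != servers:  # an AP without both servers has no failover path
            problems.append(f"{ap}: must list both IAS servers, got {sorted(pair)}")
    load = Counter(cfg["primary_radius"] for cfg in plan.values())
    if abs(load[PRIMARY_IAS] - load[SECONDARY_IAS]) > 1:
        problems.append(f"unbalanced primaries: {dict(load)}")
    return problems


def servers_after_failure(plan, failed_server):
    """Which server each AP uses once failure detection skips failed_server."""
    return {ap: (cfg["secondary_radius"] if cfg["primary_radius"] == failed_server
                 else cfg["primary_radius"])
            for ap, cfg in plan.items()}


if __name__ == "__main__":
    aps = ["ap-lobby", "ap-floor1", "ap-floor2", "ap-warehouse"]  # constructed
    plan = plan_radius_roles(aps)
    for ap, cfg in plan.items():
        print(ap, cfg["primary_radius"], cfg["secondary_radius"])
    print(check_plan(plan) or "plan OK")
```
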
If the wireless APs require vendor-specific attributes (VSAs), you must add the VSAs to the remote
access policies of the IAS servers. For more information, see the “Configure vendor-specific attributes
for a remote access policy” procedure previously described. If you add VSAs to the remote access policy