Manualshelf

User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentWM20 Controller
101102103104105106107108109110
WM Access Domain Services Configuration
Summit WM20 User Guide, Software Release 4.2108
Authentication for a WM-AD
The next step in configuring a WM-AD is to set up the authentication mechanism. There are various
authentication combinations available:
If network assignment is by SSID, authentication can be:
none
by Captive Portal using internal Captive Portal
by Captive Portal using external Captive Portal
by MAC-based authentication
If network assignment is by AAA (802.1x), authentication can be:
by 802.1x authentication, the wireless device user must be authenticated before gaining network
access
by MAC-based authentication
The first step for any type of authentication is to select RADIUS servers for:
Authentication
Accounting
MAC-based authentication
MAC-based authentication enables network access to be restricted to specific devices by MAC address.
In addition to the other types of authentication, when MAC-based authentication is employed the
Summit WM Controller queries a RADIUS server to determine if the wireless client's MAC address is
authorized to access the network.
Vendor-Specific Attributes
In addition to the standard RADIUS message, you can include Vendor-Specific Attributes (VSAs). The
Summit WM Controller, Access Points and Software authentication mechanism provides six VSAs for
RADIUS and other authentication mechanisms.
Table 4: Vendor-Specific Attributes
Attribute Name ID Type Messages Description
Extreme-URL-Redirection 1 string Returned from
RADIUS server
A URL that can be returned to redirect a
session to a specific Web page.
Extreme-AP-Name 2 string Sent to RADIUS
server
The name of the AP the client is
associating to. It can be used to assign
policy based on AP name or location.
Extreme-AP-Serial 3 string Sent to RADIUS
server
The AP serial number. It can be used
instead of (or in addition to) the AP name.
Extreme-WM-AD-Name 4 string Sent to RADIUS
server
The name of the WM-AD the client has
been assigned to. It is used in assigning
policy and billing options, based on service
selection.
Extreme-SSID 5 string Sent to RADIUS
server
The name of the SSID the client is
associating to. It is used in assigning
policy and billing options, based on service
selection.