User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentWM20 Controller

111

112

113

114

115

116

117

118

119

120

WM Access Domain Services Configuration

Summit WM20 User Guide, Software Release 4.2118

The selected server is no longer available in the RADIUS drop-down list.

The server name is now displayed in the list of configured servers, next to the Up and Down

buttons, where it can be prioritized for RADIUS redundancy. The server can also be assigned again

for MAC-based authentication or accounting purposes.

A red asterisk is displayed next to Auth, indicating that a server has been assigned.

6 In the Port box, type the port used to access the RADIUS server. The default is 1812.

7 In the # of Retries box, type the number of times the Summit WM Controller will attempt to access

the RADIUS server.

8 In the Timeout box, type the maximum time that a Summit WM Controller will wait for a response

from the RADIUS server before attempting again.

9 In the NAS Identifier box, type the Network Access Server (NAS) identifier. The NAS identifier is a

RADIUS attribute that identifies the server responsible for passing information to designated

RADIUS servers and then acting on the response returned. This is an optional step.

10 In the Include VSA Attributes section, click the appropriate checkboxes to include the Vendor

Specific Attributes in the message to the RADIUS server:

● AP’s

● WM-AD’s

● SSID

The Vendor Specific Attributes must be defined on the RADIUS server.

11 If applicable, select Set as primary server.

12 To save your changes, click Save.

NOTE

If you have already assigned a server to either MAC-based authentication or accounting, and you want to use it

again for authentication, highlight its name in the list next to the Up and Down buttons and select the Use server

for Authentication checkbox. The server’s default information is displayed.

Defining MAC-Based Authentication for a WM-AD

MAC-based authentication enables network access to be restricted to specific devices by MAC address.

The Summit WM Controller queries a RADIUS server for a MAC address when a wireless client

attempts to connect to the network.

MAC-based authentication can be set up on any type of WM-AD, in addition to the Captive Portal or

AAA authentication. To set up a RADIUS server for MAC-based authentication, you must set up a user

account with UserID=MAC and Password=MAC or a password defined by the administrator for each

user. Specifying a MAC address format and policy depends on which RADIUS server is being used.

If MAC-based authentication is to be used in conjunction with the 802.1x or Captive Portal

authentication, an additional account with a real UserID and Password must also be set up on the

RADIUS server.

MAC-based authentication responses may indicate to the Summit WM Controller what WM-AD a user

should be assigned to. Authentication (if enabled) can apply on every roam.