Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentWM200
919293949596979899100
WM-AD configuration
Summit WM Getting Started Guide, Software Version 5.198
Internal Captive PortalThe Summit WM Controller uses its built-in web server and web
page to accept authorization data. This web page can be customized over the Summit WM
GUI.
NOTE
You must note here that the internal Captive Portal does not substitute the external RADIUS server. The RADIUS
server is still needed. The internal Captive Portal within the Summit WM Controller displays the webpage to
enable the users to supply their user name and password. The user name and password are sent to the
configured RADIUS server for authentication.
In case of external Captive Portal, webpage authentication is performed by the external Captive Portal.
External Captive Portal – External Captive Portal can be classified under the following two
categories — External Captive Portal with Internal Authentication, and External Captive
Portal with External Authentication.
In External Captive Portal with Internal Authentication, the login page comes from the
external server while the authentication is done by the existing RADIUS server.
In External Captive Portal with External Authentication, the login page comes from the
external web server and the authentication is also performed by the external authentication
server.
MAC-based authentication — The RADIUS server authorizes the client device on the basis of its
MAC address. After the client device is authorized, it can go through the Captive Portal
authentication. If the client device fails the Captive Portal authentication, the controller will
inform the Wireless AP to disassociate the client device.
AAA – The AAA (Authentication, Authorization and Accounting) network assignment type offers
the following authentication options:
MAC-based authentication– The RADIUS server authorizes the client device on the basis of its
MAC address.
802.1x authentication – The RADIUS server authorizes the client device on the basis of its MAC
address. After the client device is authorized, it can go through the Captive Portal authentication.
If the client device fails the Captive Portal authentication, the controller will inform the Wireless
AP to disassociate the client device.
NOTE
If you do not assign any authentication mechanism to the new WM-AD, the Default filter is applied to it to ensure
some minimal level of authentication. For more information, see “Configuring filtering rules for Default filter” on
page 105.
Configuring MAC-based authentication
MAC-based authentication restricts wireless device’s access to the network, based on its MAC
addresses. The Summit WM Controller relays the client devices’ MAC address to a RADIUS server on
your network following which the RADIUS server checks the address against a list of allowed MAC
addresses. If the client device’s MAC address matches one in the list of allowed MAC addresses in the
RADIUS server, the user is granted access to the network.