https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79318#M7314 <P>Hello Claudio,</P> <P>&nbsp; &nbsp; &nbsp; I have attached a document that covers Wing and LDAP integration with MS Active Directory. This covers what you are trying to accomplish.</P> Sat, 25 Apr 2020 06:07:48 GMT Christopher_Fra 2020-04-25T06:07:48Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79312#M7308 <P>Hi all,</P> <P>&nbsp;</P> <P>&nbsp; &nbsp; I’m new here and I’m preparing to deploy my first network with Extreme Wing wireless.</P> <P>&nbsp; &nbsp; In my enviroment I will have an SSID with 802.1x for corp users and other SSID for guest witch captive portal.</P> <P>&nbsp; &nbsp; I managed to make it work one at&nbsp;a time. I was not able to do both work same time because use of “Radius Service Policy”.</P> <P>&nbsp; &nbsp; I saw that need to configure the Radius Service Policy inside Device Controller or Profile, but only one Radius Service Policy is allowed per profile.</P> <P>&nbsp; &nbsp;&nbsp; &nbsp;The doubt is;</P> <P>&nbsp; &nbsp; &nbsp;Is it possible configure 802.1x and internal radius for guest user using the same “Radius Service Policy”?</P> <P>&nbsp; &nbsp; &nbsp; What is the best way for this configuration?&nbsp; &nbsp; &nbsp;</P> <P>&nbsp;</P> <P>&nbsp; &nbsp; &nbsp;Regards,</P> <P>&nbsp; &nbsp; Claudio Rezende</P> <P>&nbsp;&nbsp;</P> Sat, 25 Apr 2020 05:02:33 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79312#M7308 CRS 2020-04-25T05:02:33Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79313#M7309 <P>Hello Claudio,</P> <P>&nbsp; &nbsp; &nbsp; You are correct, only one radius server policy can be mapped to Wing device via self and/or profile (depending on deployment and usage). That being said, if both Corp and Guest will be using internal radius on Wing for authentication, you can map different user pools, which are mapped to groups, to the one radius policy. The radius server policy “<STRONG>Authentication Type</STRONG>” should be ALL.&nbsp;</P> <P>&nbsp;</P> Sat, 25 Apr 2020 05:09:24 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79313#M7309 Christopher_Fra 2020-04-25T05:09:24Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79314#M7310 <P>Hi Christopher,</P> <P>&nbsp;</P> <P>&nbsp; &nbsp; Both SSID&nbsp;will use internal Radius, Guest with user pools,&nbsp;but Corp will authenticate against Active Directory using LDAP.&nbsp;&nbsp;</P> <P>&nbsp; &nbsp; Is it sound ok for you?</P> <P>&nbsp;</P> <P>Regards,</P> <P>&nbsp;</P> Sat, 25 Apr 2020 05:14:47 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79314#M7310 CRS 2020-04-25T05:14:47Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79315#M7311 <P>Hello Claudio,</P> <P>&nbsp; &nbsp; &nbsp;Absolutely, but you will need to configure the Radius Server Policy/Authentication “Default Source” by adding both SSID’s and source (guest using local and corp using&nbsp;LDAP).&nbsp;</P> Sat, 25 Apr 2020 05:18:42 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79315#M7311 Christopher_Fra 2020-04-25T05:18:42Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79316#M7312 <P>Hi Christopher, thanks a lot for your help…&nbsp;&nbsp;</P> <P>I believe that I’m almost there but still not working…&nbsp; look below, where I’m mistaking?</P> <P>&nbsp;</P> <P>&nbsp;</P> <FIGURE><span class="lia-inline-image-display-wrapper" image-alt="30380d10adf74859aa89448bea501cc2_8c8c215b-1241-4b66-a744-75ab0b8ec36b.jpg"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/5499iEE914F2E0F3B860B/image-size/large?v=v2&amp;px=999" role="button" title="30380d10adf74859aa89448bea501cc2_8c8c215b-1241-4b66-a744-75ab0b8ec36b.jpg" alt="30380d10adf74859aa89448bea501cc2_8c8c215b-1241-4b66-a744-75ab0b8ec36b.jpg" /></span></FIGURE><P>&nbsp;</P> Sat, 25 Apr 2020 05:31:27 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79316#M7312 CRS 2020-04-25T05:31:27Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79317#M7313 <P>Hello Claudio,</P> <P>&nbsp; &nbsp; &nbsp; Looks correct. Did you configure the LDAP section (on the radius policy tabs above)? You need to configure LDAP accordingly and ensure that the Wing device is binded with LDAP server.&nbsp;</P> <P>Once LDAP is configured, from Wing CLI (Command Line Interface), you can verify that Wing is binded with LDAP server using the following commands;</P> <P>&nbsp;</P> <P><STRONG>enable </STRONG>[enter]</P> <P><STRONG>show ldap-agent join-status</STRONG> [enter]</P> <P>If running the above and LDAP is not configured and/or not configured properly, you will see the following:</P> <P>Wing#<STRONG>show ldap-agent join-status</STRONG></P> <P>Primary LDAP Server's agent join-status : <STRONG>Not Configured or Unused</STRONG></P> <P>If successful, you should something like the following, then you would need to verify your wireless client for 802.1x:</P> <P>Wing#<STRONG>show ldap-agent join-status</STRONG></P> <P>Primary LDAP Server's agent join-status : <STRONG>Joined domain SONIC.</STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 25 Apr 2020 05:45:50 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79317#M7313 Christopher_Fra 2020-04-25T05:45:50Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79318#M7314 <P>Hello Claudio,</P> <P>&nbsp; &nbsp; &nbsp; I have attached a document that covers Wing and LDAP integration with MS Active Directory. This covers what you are trying to accomplish.</P> Sat, 25 Apr 2020 06:07:48 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79318#M7314 Christopher_Fra 2020-04-25T06:07:48Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79319#M7315 <P>Hi Christopher,</P> <P>&nbsp;</P> <P>&nbsp; &nbsp; &nbsp;Thanks a lot again, it is working now.&nbsp;</P> <P>&nbsp; &nbsp; &nbsp;Windows machine authenticating with AD credentials.</P> <P>&nbsp; &nbsp; &nbsp;Mobiles autenticating with guest users.&nbsp;</P> <P>&nbsp; &nbsp;</P> <P>&nbsp; &nbsp; &nbsp;The only think that is still not working, is some Mobile Corporative that need to authenticate in SSID CORP. After change the “Authentication type from MSCHAPv2 to ALL” they stop work.</P> <P>&nbsp; &nbsp; &nbsp;Any ideia about it?</P> <P>&nbsp; &nbsp;</P> <P>&nbsp; &nbsp; &nbsp;</P> <P>Regars,</P> <P>&nbsp; &nbsp; &nbsp;</P> <P>vx9000-600CCE#show ldap-agent join-status</P> <P>Primary LDAP Server's agent join-status : Joined domain LAB.</P> <P><BR /> Secondary LDAP Server's agent join-status : Not Configured or Unused<BR /> vx9000-600CCE#<BR /> &nbsp;</P> Sat, 25 Apr 2020 06:16:29 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79319#M7315 CRS 2020-04-25T06:16:29Z https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79320#M7316 <P>Hi Christopher,</P> <P>&nbsp;</P> <P>&nbsp; &nbsp; &nbsp;Now all is working fine. Thank you for you time.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Claudio Rezende</P> <P>&nbsp; &nbsp; &nbsp; &nbsp;</P> Sat, 25 Apr 2020 09:31:13 GMT https://community.extremenetworks.com/t5/extremewireless-wing/multiple-authentication-types-on-radius-service-policy/m-p/79320#M7316 CRS 2020-04-25T09:31:13Z