This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

XIQ Authentication Service

XIQ Authentication Service

Christopher_Tay
Contributor

‎03-02-2021 09:04 PM

I have set up a test XIQ Pilot environment using an AP 305C. I was participating in a demo where they said that if you did not have a RADIUS server available you could use CloudIQ Authentication Service however they were not very clear on all the setting.

Which Key Management method should be chosen?

Which Encryption method should be chosen?

On the client device

What is the EAP method?

What is the phase 2 authentication method?

What “Domain” should be entered?

 

Thank you,

Chris

 

0 Kudos
2 REPLIES 2

Christopher_Tay
Contributor

‎03-05-2021 04:29 PM

Hi Sam,

I understand about setting the parameters when using your own RADIUS server but I was asking about using the ExtremeCloud IQ Authentication Service.  See picture.

78366d5e38d54e9d828af7ad5b46ef4c_a220de55-0945-4c52-bee3-baacba5849e6.jpg

In training videos for XIQ the instructor has said that this can be used instead of an onsite RADIUS server.  Unfortunately the video does not give all the details on how to configure it.  

I created some users and had their credential sent to me but they won’t connect.  When I use PEAP my mobile device asks for a Domain.  See picture

78366d5e38d54e9d828af7ad5b46ef4c_83d71187-3961-4982-8a2e-f3c0c6805f28.png

When I have set up 802.1X networks with my own Radius server it never asks for the Domain.  I tried to use extremenetworks.com but that didnt do the trick.

Any ideas?

Thanks

Chris

 

0 Kudos

SamPirok
Community Manager Community Manager
Community Manager

‎03-03-2021 06:34 PM

Hi Chris, a lot of those settings are going to be personal preference or based on what your client devices can use. 

Key Management- I’d stick with WPA2-802.1x unless you have some older client devices, in which case I’d set it to Auto so you can use WPA1 or WPA2. 

Encryption Method- I’d recommend using CCMP(AES) over TKIP, but here again we need to think about the client base and what it can use. Unless you have some very, very old client devices to work with, CCMP is the one to use. 

EAP- Extensible Authentication Protocol (EAP) is an authentication framework, providing some common functions/negotiations of authentication methods. Basically it’s a common framework for end devices to use when trying to authenticate to an unknown network. 

Phase 2 authentication method- This is an extra layer of protection in the authentication process, to prevent things like replay attacks. MS-CHAPv2 is an example of this. 

Domain- Typically you’d use the domain your end users will be coming from, but if you can elaborate on where you’re seeing the domain section, I can try to be more specific. 

 

Hope that helps!

 

0 Kudos
GTM-P2G8KFN