04-24-2020 10:02 PM
Hi all,
I’m new here and I’m preparing to deploy my first network with Extreme Wing wireless.
In my enviroment I will have an SSID with 802.1x for corp users and other SSID for guest witch captive portal.
I managed to make it work one at a time. I was not able to do both work same time because use of “Radius Service Policy”.
I saw that need to configure the Radius Service Policy inside Device Controller or Profile, but only one Radius Service Policy is allowed per profile.
The doubt is;
Is it possible configure 802.1x and internal radius for guest user using the same “Radius Service Policy”?
What is the best way for this configuration?
Regards,
Claudio Rezende
04-25-2020 02:31 AM
Hi Christopher,
Now all is working fine. Thank you for you time.
Regards,
Claudio Rezende
04-24-2020 11:16 PM
Hi Christopher,
Thanks a lot again, it is working now.
Windows machine authenticating with AD credentials.
Mobiles autenticating with guest users.
The only think that is still not working, is some Mobile Corporative that need to authenticate in SSID CORP. After change the “Authentication type from MSCHAPv2 to ALL” they stop work.
Any ideia about it?
Regars,
vx9000-600CCE#show ldap-agent join-status
Primary LDAP Server's agent join-status : Joined domain LAB.
 Secondary LDAP Server's agent join-status : Not Configured or Unused
 vx9000-600CCE#
  
04-24-2020 11:07 PM
Hello Claudio,
I have attached a document that covers Wing and LDAP integration with MS Active Directory. This covers what you are trying to accomplish.
04-24-2020 10:45 PM
Hello Claudio,
Looks correct. Did you configure the LDAP section (on the radius policy tabs above)? You need to configure LDAP accordingly and ensure that the Wing device is binded with LDAP server.
Once LDAP is configured, from Wing CLI (Command Line Interface), you can verify that Wing is binded with LDAP server using the following commands;
enable [enter]
show ldap-agent join-status [enter]
If running the above and LDAP is not configured and/or not configured properly, you will see the following:
Wing#show ldap-agent join-status
Primary LDAP Server's agent join-status : Not Configured or Unused
If successful, you should something like the following, then you would need to verify your wireless client for 802.1x:
Wing#show ldap-agent join-status
Primary LDAP Server's agent join-status : Joined domain SONIC.
