This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Multiple Authentication types on Radius Service Policy

Multiple Authentication types on Radius Service Policy

CRS
New Contributor

‎04-24-2020 10:02 PM

Hi all,

 

    I’m new here and I’m preparing to deploy my first network with Extreme Wing wireless.

    In my enviroment I will have an SSID with 802.1x for corp users and other SSID for guest witch captive portal.

    I managed to make it work one at a time. I was not able to do both work same time because use of “Radius Service Policy”.

    I saw that need to configure the Radius Service Policy inside Device Controller or Profile, but only one Radius Service Policy is allowed per profile.

      The doubt is;

     Is it possible configure 802.1x and internal radius for guest user using the same “Radius Service Policy”?

      What is the best way for this configuration?     

 

     Regards,

    Claudio Rezende

  

0 Kudos
8 REPLIES 8

CRS
New Contributor

‎04-25-2020 02:31 AM

Hi Christopher,

 

     Now all is working fine. Thank you for you time.

 

Regards,

Claudio Rezende

       

0 Kudos

CRS
New Contributor

‎04-24-2020 11:16 PM

Hi Christopher,

 

     Thanks a lot again, it is working now. 

     Windows machine authenticating with AD credentials.

     Mobiles autenticating with guest users. 

   

     The only think that is still not working, is some Mobile Corporative that need to authenticate in SSID CORP. After change the “Authentication type from MSCHAPv2 to ALL” they stop work.

     Any ideia about it?

   

     

Regars,

     

vx9000-600CCE#show ldap-agent join-status

Primary LDAP Server's agent join-status : Joined domain LAB.


Secondary LDAP Server's agent join-status : Not Configured or Unused
vx9000-600CCE#
 

0 Kudos

Christopher_Fra
Extreme Employee

‎04-24-2020 11:07 PM

Hello Claudio,

      I have attached a document that covers Wing and LDAP integration with MS Active Directory. This covers what you are trying to accomplish.

0 Kudos

Christopher_Fra
Extreme Employee

‎04-24-2020 10:45 PM

Hello Claudio,

      Looks correct. Did you configure the LDAP section (on the radius policy tabs above)? You need to configure LDAP accordingly and ensure that the Wing device is binded with LDAP server. 

Once LDAP is configured, from Wing CLI (Command Line Interface), you can verify that Wing is binded with LDAP server using the following commands;

 

enable [enter]

show ldap-agent join-status [enter]

If running the above and LDAP is not configured and/or not configured properly, you will see the following:

Wing#show ldap-agent join-status

Primary LDAP Server's agent join-status : Not Configured or Unused

If successful, you should something like the following, then you would need to verify your wireless client for 802.1x:

Wing#show ldap-agent join-status

Primary LDAP Server's agent join-status : Joined domain SONIC.

 

 

0 Kudos
GTM-P2G8KFN