Roaming; Radius Redundancy; Rejection And Failure; Additional Radius Attributes - Extreme Networks Summit WM Technical Reference Manual

Version 5.1

Hide thumbs Also See for Summit WM:

Installation instructions (1 page)

Getting started manual (126 pages)

Maintenance manual (130 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

page of 222

/ 222
Contents
Table of Contents
Bookmarks

Table of Contents

MAC Based Authentication

Roaming

When a client roams from one Wireless AP to another, the MAC authentication is not required by

default. The MAC authentication can be forced in the roaming case. It could happen that the user re-

authentication is not required, but that the MAC re-authentication is.

Radius redundancy

If the primary server for the MAC authentication is not accessible, the radius redundancy will be

triggered and the request will be sent to the next server. The expected behavior is similar to the

description in the RADIUS redundancy documents.

Rejection and failure

There is a difference in handling rejection and failure.

Rejection is when the MAC address is rejected by the RADIUS servers.

Initially, the Radius server timeout was treated as rejection (MU_NOT_ALLOWED), but it has been

changed. If the vnMgr does not receive a reply within the specified time, it will not send rejection to the

MU Session Manager. Instead, it will send different message indicating authentication failure

(MU_AUTH_ERROR). The same occurs for the timeout from the other components in the chain:

Radius client timeout

●

Security manager timeout

●

VnManager timeout

●

In order to avoid processing continuous request of unauthorized clients, the feature includes instant

rejection by Wireless AP for defined duration, after which the record will be completely deleted and

new authentication process may proceed. The rejected clients will not be in the black list, since the black

list applies to all WM-ADs, while the restriction for a MAC-based authentication is WM-AD based.

For the MU association, if the MU Session Manager does not get a reply from the vnMgr within the 30

sec, it will send the failure to Wireless AP. Since the vnMgr can get another request from the same

client, it will have different ID and the first reply will be dropped.

Additional RADIUS attributes

The access_accept may include the session timeout, which will be applied to the pre-authenticated

session timer. It also may include the re-direction URL, which should be included in the filter

definitions for the WM-AD.

116

Summit WM Technical Reference Guide, Software Version 5.1

Table of Contents

Roaming; Radius Redundancy; Rejection And Failure; Additional Radius Attributes - Extreme Networks Summit WM Technical Reference Manual

Roaming

Radius redundancy

Rejection and failure

Additional RADIUS attributes

Related Manuals for Extreme Networks Summit WM

Related Content for Extreme Networks Summit WM

Table of Contents