Users File - Extreme Networks Summit WM Technical Reference Manual

Version 5.1

FreeRADIUS and Security
The simplest format to use is:
client 10.0.0.10 {
    secret = testing123
    shortname = WLC001
}
In this case the RADIUS client is a Summit WM Controller at 10.0.0.10. Since the Summit WM
Controller has many IP addresses, some physical and some virtual, there is confusion over which IP
address to use as the RADIUS client address. The answer is the address of whichever interface the
Summit WM Controller will use to send the packet to the RADIUS server. If it is not obvious, use the
ping <target> command in the CLI of the Summit WM Controller to determine which interface will be
used. If the path to the RADIUS server changes based upon OSPF routing updates then it is best to
enter all possibilities into this file.
The secret parameter will be asked for during the configuration of the Summit WLAN equipment and is
typically referred to as the 'shared secret'.

users file

Example for Captive Portal Authentication
The users file is used for entering static information that can be used for authentication. The simplest
form of an entry is:
"username" Auth-Type := local, User-Password == "aDRM123"
This type of entry can be used for CHAP authentication. It can also be used for PAP
authentication, provided that the pap definition in the modules section of the radiusd.conf file has
encryption_scheme set to 'clear' rather than the default of 'crypt'.
Attributes can be added to the user definition in this file. An example for a captive portal environment
would be:
"username" Auth-Type := local, User-Password == "aDRM123"
    Filter-Id = "filter1",
    Session-Timeout = 10
In this example the Filter-Id 'filter1' and a session timeout of 10 minutes are returned to the
Summit WM Controller. If the Summit WM Controller has a filter defined that matches the returned
Filter-Id attribute then it will be used. In addition, if the session is successfully authenticated then the
session on the Summit WM Controller has an absolute limit of 10 minutes, at which point
re-authentication will be necessary.

Example for MAC-based Authentication
Users can also be defined directly as type PAP. For example, for MAC-based authentication the Summit
WM Controller sends the MAC address as both the username and the password by default, so it is
typical to see a device entered into the users file as follows:
#vocera badge example
"0009EF003BAF" Auth-Type := PAP, User-Password == "0009EF003BAF"
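As an added illustration (not part of the Extreme Networks manual), the following Python script parses the users-file layout shown above and reports, per entry, whether it stores a cleartext User-Password, whether that password is simply the MAC-style username, and whether Filter-Id or Session-Timeout is missing from the reply items. The function names, flag labels and embedded sample are assumptions of this example; the sample is constructed from the page's own example entries.

```python
import re

# Constructed sample in the users-file layout above, using the page's example values.
SAMPLE = '''\
#vocera badge example
"0009EF003BAF" Auth-Type := PAP, User-Password == "0009EF003BAF"

"username" Auth-Type := local, User-Password == "aDRM123"
    Filter-Id = "filter1",
    Session-Timeout = 10
'''

ITEM = re.compile(r'([\w-]+)\s*(:=|==|=)\s*("[^"]*"|[^,\s]+)')  # attr, op, value
MAC = re.compile(r'[0-9A-Fa-f]{12}')  # bare 12-hex-digit MAC, as in the badge entry

def parse_users(text):
    """Parse entries into dicts: name, check items (first line), reply items (indented)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue  # blank line or comment
        if line[0] in ' \t':  # indented continuation: reply items
            if not entries:
                raise ValueError('reply item before any user entry')
            target, rest = entries[-1]['reply'], line
        else:  # new entry: name followed by check items
            name, rest = (line.split(None, 1) + [''])[:2]
            entries.append({'name': name.strip('"'), 'check': {}, 'reply': {}})
            target = entries[-1]['check']
        for attr, _op, value in ITEM.findall(rest):
            target[attr] = value.strip('"')
    return entries

def audit(entries):
    """Hypothetical review flags per entry name (labels are this example's own)."""
    report = {}
    for e in entries:
        flags = []
        pw = e['check'].get('User-Password')
        if pw is not None:
            flags.append('cleartext-password')
            if pw == e['name'] and MAC.fullmatch(pw):
                flags.append('mac-as-password')
        flags += ['no-' + a for a in ('Filter-Id', 'Session-Timeout') if a not in e['reply']]
        report[e['name']] = flags
    return report

if __name__ == '__main__':
    print(audit(parse_users(SAMPLE)))
```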
Summit WM Technical Reference Guide, Software Version 5.1
