Authentication For A Wm-Ad; Authentication With Ssid Network Assignment; Authentication With Aaa (802.1X) Network Assignment - Extreme Networks Summit WM20 User Manual

Authentication for a WM-AD

The third step in setting up a WM-AD is to configure the authentication mechanism for the WM-AD.
The authentication mechanism depends on the network assignment. In addition, all WM-AD definitions
can include authentication by Media Access Control (MAC) address. Authentication by MAC address
provides a method of access control for a user as it associates with the AP based on the device's MAC
address.

Authentication With SSID Network Assignment

If network assignment is SSID, there are two authentication options:
None – This authentication method is the default for a new SSID assignment WM-AD.
●
Authentication WM-AD, unless MAC-based authorization is used, the default filter is applied, not
the non-authentication filter. For more information, see
Captive Portal – This authentication method employs a Web redirection which directs a user's Web
●
session to an authentication server. Typically, the user must provide their credentials (userID,
password) to be authenticated. The Captive Portal redirection operation will redirect any Web page
requests corresponding to targets not explicitly allowed by the non-authenticated filter. The
redirection will instruct the user's Web page to contact the defined authentication Web server. You
must ensure that the authentication Web server is explicitly listed as an allow destination in order for
traffic to access it.
The Summit WM Controller supports two modes of Captive Portal authentication:
Internal Captive Portal – The controller's own Captive Portal authentication page (configured as
●
an editable form) is used to request user credentials.
External Captive Portal – An entity outside of the Summit WM Controller is responsible for
●
handling the user authentication process, presenting the credentials request forms and
performing user authentication procedures. The controller is then informed of the authentication
results via its Business Echosystem's interfaces.
Four authentication types are supported for Captive Portal authentication:
Password Authentication Protocol (PAP)
●
Challenge Handshake Authentication Protocol (CHAP)
●
Windows-specific version of CHAP (MS CHAP)
●
MS CHAP v2 (Windows-specific version of CHAP, version 2)
●
For Captive Portal authentication, the RADIUS server must support the selected authentication type:
PAP, CHAP (RFC2484), MS-CHAP (RFC2433), or MS-CHAPv2 (RFC2759).

Authentication With AAA (802.1x) Network Assignment

If network assignment is AAA with 802.1x authentication, the wireless device user requesting network
access must first be authenticated. The wireless device's client utility must support 802.1x. The user's
request for network access along with login identification or a user profile is forwarded by the Summit
WM Controller to a RADIUS server. Summit WM Controller, Access Points and Software supports the
following authentication types:
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) – Relies on client-side
●
and server-side certificates to perform authentication. Can be used to dynamically generate a
Pairwise Master Key for encryption.
Summit WM20 User Guide, Software Release 4.2
Authentication for a WM-AD
"Filtering for a WM-AD" on page 90.
89