Set up Extreme Network ECA for EAP-TLS

Set up Extreme Network ECA for EAP-TLS

Prerequisites and Limitations

  • A SecureW2 Network Profile configured for EAP-TLS
  • An ExtremeCloud Appliance (ECA)
  • An Extreme Access Point compatible with ECA (this guide uses a AP3915i)

Integrating SecureW2 with Extreme Cloud Appliance

Configuring the SecureW2 RADIUS

  1. From the left-hand side pane, navigate to ONBOARD > AAA

Navigating to the AAA policy

  1. Under RADIUS Servers, click the Add button on the Default AAA Configuration page

Select and add the SecureW2 RADIUS server

  1. Configure the following parameters for the SecureW2 RADIUS server
    • RADIUS Server IP address <SecureW2 RADIUS IP Address>
    • Authorization Client UDP Port <SecureW2 RADIUS Port>
    • Shared Secret <SecureW2 RADIUS Shared Secret>
  2. Click on the Save button on the top right-hand side
  3. This process needs to be repeated, so both the Primary and Secondary IP Addresses are added

Finishing configuring the RADIUS server

 

Configuring the Captive Portal on ECA

  1. Navigate to Networks > Add

Navigating to add the Captive Portal link

  1. Configure the following parameters:
    • Network Name – Example: Onboard
    • SSID – Enter a character string to identify the wireless network
    • Status – Enable the network service
    • Auth Type – Open
    • Enable Captive Portal – Check this option to enable captive portal support
    • Captive Portal Type – Select External
    • ECP URL – URL address of the SecureW2 network profile
    • Walled Garden Rules – Click Walled Garden Rules to configure policy rules for the external captive portal
    • Click on L3,L4 Rules (IP and Port) Rules(0 Rules) > New
    • Create entries to allow end-user devices to reach SecureW2 servers, Google Play Store, and for disabling CNA browsers
      • For a full list of resources to allow in the Walled Garden, please refer to the SecureW2 JoinNow Configuration Guide in the Management Portal

Completing the configuration of Walled Garden rules

  1. Click Save

 

Configure the Secure SSID on ECA

  1. Navigate to Networks > Add

Navigating to the secure SSID

  1. Configure the following parameters:
    • Network Name – Example: SecureSSID
    • SSID – Enter a character string to identify the wireless network
    • Status – Enable the network service
    • Auth Type – WPA2 Enterprise w/ RADIUS
    • Authentication Method – RADIUS
    • Primary RADIUS – SecureW2 RADIUS IP Address added earlier
    • Backup RADIUS – Other SecureW2 RADIUS IP Address added earlier
    • Default Auth Role – Select Enterprise User
    • Default VLAN – Select a VLAN
  2. Click Save

Configuring the parameters of the secure SSID

 

Assigning the Configured Networks to a Site

  1. Go to the Sites tab and select the preferred site that is already configured
  2. Click Configure Site
  3. Click the Device Groups tab and select a device group
  4. Click on the Profile field to edit the device group profile
  5. Go to the Networks tab and select the configured network
  6. Go to the Roles tab and select the previously configured roles
  7. Click Ok > Save

Assigning the fully configured network to the site

Finalizing the configuration of the network to the site

 

Once that’s finished, you’re all set!

Ready to get started configuring your ECA for EAP-TLS? SecureW2 has affordable options for organizations of all shapes and sizes. Click here to check out our pricing form.

Extreme is either registered trademarks or trademarks of Extreme Networks in the United States and/or other countries. Other trademarks, logos and service marks used in this site are the property of SecureW2 or other third parties.