Policy examples, Policies and radius support, Radius attributes – Extreme Networks Summit 300-48 User Manual


Summit 300-48 Switch Software User Guide

Unified Access Security

Policy Examples

The following examples suggest typical uses of network security policies.

Example. You want to give employees complete network access but limit access to visitors. The solution is to base network access on the authentication method, as indicated in Table 29.

NOTE

Not all methods can be used at the same time on the same interface.

Example. You want to restrict user access to certain locations or times. The solution is to include the access point as a component of network access and include time restrictions for certain locations.

Policies and RADIUS Support

The authentication features of the Summit 300-48 switch are tightly integrated with RADIUS. You can
specify the following types of RADIUS access control policies:

User-based — 802.1x requests provide the RADIUS server with the user name and password. Based
on the user name, the RADIUS server sends back authentication information, including allow/deny,
assigned VLAN, and VLAN tag.

Location-based — You can configure a location string for each wireless port. The location is sent to
the RADIUS server as a vendor-specific attribute. The RADIUS server uses this information to
determine the access policy.

RADIUS Attributes

Table 30 lists the attributes that are included in each request for access:

Table 29: Authentication-Based Network Access Example

| Authentication Method       | User Placement |
|-----------------------------|----------------|
| 802.1x with dynamic WEP     | Internal VLAN  |
| TKIP with pre-shared keys   | PSK VLAN       |
| WEP                         | WEP VLAN       |
| Fails 802.1x authentication | Deny access    |

Table 30: RADIUS Request Attributes

| Attribute       | Description |
|-----------------|-------------|
| User-Name       | User name for dot1x or MAC address |
| User-Password   | User-specified for dot1x or blank |
| Service-Type    | Value is login (1) |
| Vendor-Specific | Contains EXTREME_USER_LOCATION, and the value is as configured by the user for the location of each wireless port |
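The following sketch is an added example, not code from the manual or from Extreme Networks. It models how a RADIUS-side policy could combine the Table 29 placement with the location string from Table 30 and a time window, denying by default. The method labels, location strings, hours, and the `decide` function are assumptions made for illustration.

```python
from datetime import datetime, time

# Table 29 from the page: authentication method -> user placement.
# The method labels used as keys are hypothetical names for this example.
PLACEMENT = {
    "802.1x-dynamic-wep": "Internal VLAN",
    "tkip-psk": "PSK VLAN",
    "wep": "WEP VLAN",
}

# Constructed location policy (location strings and hours are assumptions).
# "hours" is a (start, end) window in local time; None means no restriction.
LOCATION_RULES = {
    "lobby": {"methods": {"802.1x-dynamic-wep", "tkip-psk", "wep"},
              "hours": (time(8, 0), time(18, 0))},
    "engineering-lab": {"methods": {"802.1x-dynamic-wep"}, "hours": None},
}

DENY = ("deny", None)


def decide(request, auth_method, auth_ok, now):
    """Return (decision, vlan) for one access request.

    request     -- dict of the Table 30 attributes sent by the switch
    auth_method -- one of the PLACEMENT keys
    auth_ok     -- result of the credential check
    now         -- datetime of the request
    """
    if not auth_ok:
        return DENY  # Table 29: failed authentication -> deny access
    vlan = PLACEMENT.get(auth_method)
    location = request.get("Vendor-Specific", {}).get("EXTREME_USER_LOCATION")
    rule = LOCATION_RULES.get(location)
    # Default deny: unknown method, missing or unknown location, or a method
    # that is not permitted at this location.
    if vlan is None or rule is None or auth_method not in rule["methods"]:
        return DENY
    hours = rule["hours"]
    if hours is not None and not (hours[0] <= now.time() < hours[1]):
        return DENY  # outside the permitted time window for this location
    return ("allow", vlan)


# Constructed sample request using the Table 30 attribute names.
SAMPLE = {"User-Name": "visitor01", "User-Password": "", "Service-Type": 1,
          "Vendor-Specific": {"EXTREME_USER_LOCATION": "lobby"}}
```

A request with no location attribute, or with a location the policy does not list, is denied rather than falling back to the method-only placement.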
