Access Control


Access Control Configuration provides a central location to view the configuration parameters for all aspects of your ExtremeControl system. Access this window by selecting Control > Access Control. Expand the tab to display the options:

The following tabs are included in the Configuration tree:

Configurations

Expand Configurations to access the following Access Control system components.

Each engine group uses one Access Control configuration that contains an ordered list of rules used to determine which Access Control profile is assigned to the end-systems connecting to the engines in that group. Access Control configurations include the following components:

Name
The Name by which the Access Control Configuration is known.
Portal
If your network is implementing Registration or Assisted Remediation, use the Portal Configuration to define the branding and behavior of the website used by the end user during the registration or remediation process.
AAA
AAA configurations define the RADIUS and LDAP configurations, and Local Password Repository that provide the authentication and authorization services to your ExtremeControl engines.

AAA

The AAA tab defines the RADIUS and LDAP configurations that provide the authentication and authorization services to your ExtremeControl engines.

Profiles

The Profiles tab displays ExtremeCloud IQ Site Engine's system-defined ExtremeControl profiles that define the authorization and assessment requirements for the end-systems connecting to the network.

Captive Portals

The Captive Portals tab enables you to define the branding and behavior of the portal website used by the end user, if your network is implementing registration or Assessment/Remediation.

Notifications

The Notifications tab displays all the notifications you create, and enables you to add, edit, and test specific notification rules. Notifications enable you to create alert actions performed when specific events or triggers take place in ExtremeCloud IQ Site Engine.

Vendor RADIUS Attributes

The Vendor RADIUS Attributes tab displays all the vendors and a list of known vendor RADIUS dictionary attributes that have been discovered from the managed engines. Select a vendor name in the table to display the vendor attribute details, including Attribute Name, Attribute Data Type, Attribute Type, and Options.

To add a custom RADIUS dictionary to ExtremeControl:

  1. Upload the custom RADIUS dictionary to the following directory on all Access Control engines:

    /opt/tag/radius/share/freeradius

  2. Update the permissions for the file:

    chmod 644 /opt/tag/radius/share/freeradius/*

  3. Restart the service:

    nacctl restart

  NOTES:
  • Custom RADIUS dictionaries are not part of the backup. The procedure may need to be repeated after a software upgrade.
  • A non-compatible RADIUS dictionary can cause the solution to be non-operational.
  • Renaming existing VSAs in RADIUS dictionaries can cause the system to be non-operational.
  • Duplicating existing VSAs in RADIUS dictionaries can cause the system to be non-operational.
  • Extreme cannot guarantee that a third-party RADIUS dictionary will work.
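
The notes above name renamed and duplicated VSAs as conditions that can leave the system non-operational. The following pre-upload check is an added example, not an Extreme tool or part of the product: it compares a custom dictionary against an installed one and reports both cases. It assumes FreeRADIUS dictionary text in which vendor attributes sit inside BEGIN-VENDOR/END-VENDOR blocks; the vendor "ExampleCorp", vendor number 99999 and all attribute names are constructed sample data.

```python
def _num(token):
    try:
        return int(token, 0)   # decimal or 0x-prefixed hex
    except ValueError:
        return token.lower()   # anything else is compared as text

def parse_dictionary(text):
    """Return (vendor, number, name) per ATTRIBUTE line; vendor is None outside a block."""
    attrs, vendor_ids, current = [], {}, None
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        keyword = fields[0].upper() if fields else ""
        if keyword == "VENDOR" and len(fields) >= 3:
            vendor_ids[fields[1].lower()] = _num(fields[2])
        elif keyword == "BEGIN-VENDOR" and len(fields) >= 2:
            # Key by vendor number so two spellings of one vendor still match.
            current = vendor_ids.get(fields[1].lower(), fields[1].lower())
        elif keyword == "END-VENDOR":
            current = None
        elif keyword == "ATTRIBUTE" and len(fields) >= 4:
            attrs.append((current, _num(fields[2]), fields[1]))
    return attrs

def find_conflicts(installed_text, custom_text):
    """Return (kind, custom_name, installed_name) for each clashing entry."""
    installed = {(v, n): name for v, n, name in parse_dictionary(installed_text)}
    problems = []
    for vendor, number, name in parse_dictionary(custom_text):
        existing = installed.get((vendor, number))
        if existing is None:
            continue  # number not yet used by this vendor: no clash
        kind = "duplicate" if existing.lower() == name.lower() else "rename"
        problems.append((kind, name, existing))
    return problems

# Constructed sample data: vendor, number 99999 and attribute names are made up.
INSTALLED = """VENDOR ExampleCorp 99999
BEGIN-VENDOR ExampleCorp
ATTRIBUTE ExampleCorp-Role 1 string
ATTRIBUTE ExampleCorp-VLAN 2 integer
END-VENDOR ExampleCorp"""
CUSTOM = """VENDOR Example-Corp 99999   # other spelling, same vendor number
BEGIN-VENDOR Example-Corp
ATTRIBUTE ExampleCorp-Role 1 string
ATTRIBUTE ExampleCorp-Vlan-Id 2 integer
ATTRIBUTE ExampleCorp-Session 3 string
END-VENDOR Example-Corp"""
if __name__ == "__main__":
    print(find_conflicts(INSTALLED, CUSTOM))
```

Run the comparison against the text of the dictionaries already present in /opt/tag/radius/share/freeradius before step 1, and upload only when the result is empty.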

Global & Engine Settings

The Global & Engine Settings tab provides you access to the following additional tabs:

  • MAC Locking - Use this tab to view settings for locked MAC addresses or to lock a MAC address to a specific switch or port on a switch so that the end-system can only access the network from that port or switch.
  • MAC to IP Mappings - Use this tab to view MAC to IP address mappings for devices with statically assigned IP addresses, and import a file of MAC to IP mappings to the list. You can also Add, Edit, Delete, and Export mappings from this tab.
  • Manage End System Zones

Use the Engine Settings tab, which is accessible when you expand the Global & Engine Settings tab, to view and configure advanced configuration options for ExtremeControl engines. ExtremeCloud IQ Site Engine includes a default engine settings configuration. You can also define your own settings to use for your ExtremeControl engines.
