Access Control
Access Control Configuration provides a central location to view the configuration parameters for all aspects of your ExtremeControl system. Access this window by selecting Control > Access Control. Expand the tab to display the options:
The following tabs are included in the Configuration tree:
- Configurations
- AAA
- Profiles
- Captive Portals
- Notifications
- Vendor RADIUS Attributes
- Global & Engine Settings
Configurations
Expand Configurations to access to the following Access Control system components.
Each engine group uses one Access Control configuration that contains an ordered list of rules used to determine which Access Control profile is assigned to the end-systems connecting to the engines in that group. Access Control configurations include the following components:
- Name
- The Name by which the Access Control Configuration is known.
- Portal
- If your network is implementing Registration or Assisted Remediation, use the Portal Configuration to define the branding and behavior of the website used by the end user during the registration or remediation process.
- AAA
- AAA configurations define the RADIUS and LDAP configurations, and Local Password Repository that provide the authentication and authorization services to your ExtremeControl engines.
AAA
The AAA tab defines the RADIUS and LDAP configurations that provide the authentication and authorization services to your ExtremeControlengines.
Profiles
The Profiles tab displays ExtremeCloud IQ Site Engine's system-defined ExtremeControl profiles that define the authorization and assessment requirements for the end-systems connecting to the network.
Captive Portals
The Captive Portals tab enables you to define the branding and behavior of the portal website used by the end user, if your network is implementing registration or Assessment/Remediation.
Notifications
The Notifications tab displays all the notifications you create, and enables you to add, edit, and test specific notification rules. Notifications enable you to create alert actions performed when specific events or triggers take place in ExtremeCloud IQ Site Engine
Vendor RADIUS Attributes
The Vendor RADIUS Attributes tab displays all the vendors and a list of known vendor RADIUS dictionary attributes that have been discovered from the managed engines. Select a vendor name in the table to display the vendor attribute details, including Attribute Name, Attribute Data Type, Attribute Type, and Options.
Add Radius Dictionary to ExtremeControl.
- Upload the custom RADIUS dictionary to all Access Control engines:
/opt/tag/radius/share/freeradius
- Update the permissions for the file:
chmod 644 /opt/tag/radius/share/freeradius/*
-
Restart the service:
nacctl restart
NOTES: |
|
Global & Engine Settings
The Global & Engine Settings tab provides you access to the following additional tabs:
- MAC Locking - Use this tab to view settings for locked MAC addresses or to lock a MAC address to a specific switch or port on a switch so that the end-system can only access the network from that port or switch.
- MAC to IP Mappings - Use this tab to view MAC to IP address mappings for devices with statically assigned IP addresses, and import a file of MAC to IP mappings to the list. You can also Add, Edit, Delete, and Export mappings from this tab.
- Manage End System Zones
The Engine Settings tab, which is accessible when you expand the Global & Engine Settings tab, to view and configure advanced configuration options for ExtremeControlengines. ExtremeCloud IQ Site Engine includes a default engine settings configuration. You can also define your own settings to use for your ExtremeControlengines.