Configure RADIUS Clients to Monitor ExtremeControl Engines in ExtremeCloud IQ Site Engine


This Help topic tells you how to configure RADIUS monitoring tools to monitor ExtremeControl engine performance and availability.

Use the following steps to create a list of RADIUS monitoring clients and to add a special authentication mapping to your AAA configuration that is used to authenticate those clients.

If you have multiple engine groups, you can use the same tools to monitor different engine groups, but each engine group is configured separately.

  1. Access the Control > Access Control tab in ExtremeCloud IQ Site Engine.
  2. Select Engines in the left panel.
  3. Select the engine group or single engine for which you are configuring RADIUS monitoring tools in the Engine Groups or All Engines list, respectively.
  4. In the right-panel Details tab, select the Edit RADIUS Monitor Clients button.
  5. The Configure RADIUS Monitor Clients window opens.
  6. Use this window to create a list of the monitoring tools (clients) used, and specify the shared secret to be used for all of them.
    1. Select the Add button. Enter the IP address for the first client and select OK. Repeat for each client that you want to add.
    2. Enter the Server Shared Secret. This is a string of characters used to encrypt and decrypt communications between the RADIUS Monitor clients and the engines. This string must match the shared secret configured on the client. Without the shared secret, the engines and clients will be unable to communicate. The shared secret must be at least 6 characters long; 16 characters is recommended. Dashes are allowed in the string, but spaces are not.
    3. Re-enter the shared secret to verify it.
    4. Select OK.
  7. Select the Configuration tab in the left panel to expand it.
  8. Select AAA in the left panel.
  9. Select an Advanced AAA Configuration.
  10. In the right-panel Authentication Rules table, select the Add button to add a new mapping. (You must be using an advanced AAA Configuration in order to see the mapping table. If you are not, right-click on the AAA Configuration in the left panel and select Make Advanced.)
  11. The Add User to Authentication Mapping window opens.
    1. Set the Authentication Type to RADIUS Monitor.
    2. Set the Authentication Method to Local Authentication and select the Password for all Authentications checkbox. Enter the desired password that is used for all client authentications.
    3. Select OK.
  12. The new mapping is listed in the mapping table. You can use the arrows to adjust the position of the new mapping in the table. In the screen below you can see that the RADIUS Monitor rule has been moved to the first row in the table because it is more granular. Select Save to save your changes.
  13. Select the Enforce button beneath the left-panel menu to enforce the new configuration to your engine groups.

Any authentication request coming from an IP address that matches the list of RADIUS monitor clients is authenticated using the password you provided in the AAA mapping. In these cases, the username does not matter. The configured password cannot be used for authentication from any other part of the network. The ExtremeControl engine responds with a basic accept to any RADIUS monitor client’s RADIUS request.
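The monitoring client's side of this exchange, as an added example that is not part of the original Help topic or of any Extreme Networks tool: it builds the RFC 2865 Access-Request a probe would send and accepts the reply only if it is an Access-Accept whose Response Authenticator proves the same shared secret. The function names, the "probe" username, the secret and the password are constructed assumptions, and the reply is generated locally so the check runs offline.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2           # attribute types (RFC 2865)

def check_secret(secret: str) -> str:
    """Apply the shared-secret rules from step 6: at least 6 characters, no spaces."""
    if len(secret) < 6 or " " in secret:
        raise ValueError("shared secret needs 6+ characters and no spaces")
    return secret

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding: XOR 16-byte blocks with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_probe(ident: int, secret: str, password: str, username: str = "probe"):
    """Return (Access-Request bytes, request authenticator) for one health check."""
    key, auth = check_secret(secret).encode(), os.urandom(16)
    attrs = b""
    for kind, value in ((USER_NAME, username.encode()),
                        (USER_PASSWORD, hide_password(password.encode(), key, auth))):
        attrs += bytes([kind, len(value) + 2]) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs, auth

def is_valid_accept(reply: bytes, ident: int, request_auth: bytes, secret: str) -> bool:
    """True only for an Access-Accept whose Response Authenticator proves the same secret."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or rid != ident:
        return False
    want = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret.encode()).digest()
    return code == ACCESS_ACCEPT and hmac.compare_digest(want, reply[4:20])

def constructed_accept(ident: int, request_auth: bytes, secret: str) -> bytes:
    """Constructed sample reply standing in for the engine, so the check runs offline."""
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20)
    return head + hashlib.md5(head + request_auth + secret.encode()).digest()

if __name__ == "__main__":
    secret = "Constructed-Secret-01"          # constructed value, not from the page
    request, auth = build_probe(7, secret, "constructed-password")
    print(is_valid_accept(constructed_accept(7, auth, secret), 7, auth, secret))
    print(is_valid_accept(constructed_accept(7, auth, "other-secret"), 7, auth, secret))
```

A monitor that treats any reply as "up" without the authenticator check cannot tell a reply from the engine apart from one produced without the shared secret.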

