Deploying an Identity Aware Network
Extreme Networks Application Note
4.2. Identity Monitoring
4.2.1. Configurations for Backend Servers
The following table lists the requirements and configurations to be completed in the backend servers.
Table 4:
Microsoft Windows 2003 Server
- IP Address: 192.168.0.10/24
Please refer to the steps and configurations described in the document “Application Note: Using ExtremeXOS NetLogin with Microsoft IAS” to set up the server to perform the following functions:
- Remote Access Policy to authenticate John Smith (username: john_smith) and Bob Stone (username: bob_smith) using EAP-MD5-Challenge. Upon successful authentication, authorization for VLAN corp membership should be granted using Extreme-NetLogin-VLAN-ID VSA.
- Remote Access Policy to authenticate Alice Duff (username: alice_duff) and authorization to VLAN webapps upon successful authentication.
- Remote Access Policy to authenticate Mary Hughes (username: mary_hughes) and authorization to VLAN crmapps upon successful authentication.
- Remote Access Policy to authenticate the following MAC addresses: 00:00:00:FE:ED:01, 00:00:00:FE:ED:02, and 00:04:96:28:01:8D using PAP. Upon successful authentication, access to VLAN corpvoice should be granted using Extreme-NetLogin-VLAN-ID VSA.

Web Applications Server
- IP Address: 192.168.1.10/24
- Any operating system could be used

CRM Applications Server
- IP Address: 192.168.2.10/24
- Any operating system could be used
4.2.2. Edge Switch Configuration
We will now proceed to configure the Summit X250e-24p switch. It is recommended to keep the following information handy
in order to complete the edge switch configuration.
Edge Switch IP:            10.127.2.18
Authentication Server IP:  192.168.0.10

VLAN Name    Tag    IP/Subnet/Notes
corp         2      IP: 192.168.0.1/24
corpvoice    3
webapps      5      IP: 192.168.1.1/24
authvlan     7      VLAN used by NetLogin
crmapps      8      IP: 192.168.2.1/24
In addition to configuring the Identity Management module, the NetLogin, VLAN and AAA modules will also need to
be configured. Configuration of the VLAN module will provide reachability to backend authentication servers, and will also
create the various user VLANs in the switch. Configuration of the AAA module will provide the switch with one or more RADIUS
servers to contact for authentication. The NetLogin module will provide all the authentication methods and will use the AAA
infrastructure to authenticate and authorize clients.
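A pre-deployment consistency check over the addressing and authorization plan above, as an added example that is not part of the original application note: it confirms that every VLAN granted by a RADIUS policy exists on the switch, that VLAN tags are unique, and that each backend server sits inside a subnet the switch routes. The dictionary and function names are this example's own; the values are transcribed from the tables on this page.

```python
import ipaddress
import re

# Values transcribed from this page's tables (the dict names are this example's own).
VLANS = {  # VLAN name -> (tag, switch interface address or None)
    "corp": (2, "192.168.0.1/24"), "corpvoice": (3, None),
    "webapps": (5, "192.168.1.1/24"), "authvlan": (7, None),
    "crmapps": (8, "192.168.2.1/24"),
}
SERVERS = {"ias": "192.168.0.10", "web": "192.168.1.10", "crm": "192.168.2.10"}
POLICIES = {  # RADIUS identity -> VLAN granted on successful authentication
    "john_smith": "corp", "bob_smith": "corp", "alice_duff": "webapps",
    "mary_hughes": "crmapps", "00:00:00:FE:ED:01": "corpvoice",
    "00:00:00:FE:ED:02": "corpvoice", "00:04:96:28:01:8D": "corpvoice",
}
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def validate(vlans, servers, policies):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    tags = [tag for tag, _ in vlans.values()]
    for tag in sorted({t for t in tags if tags.count(t) > 1}):
        findings.append(f"VLAN tag {tag} is assigned to more than one VLAN")
    # Only VLANs with an IP interface can provide reachability to a server.
    ifaces = {n: ipaddress.ip_interface(a) for n, (_, a) in vlans.items() if a}
    for name, addr in servers.items():
        ip = ipaddress.ip_address(addr)
        homes = [n for n, i in ifaces.items() if ip in i.network]
        if not homes:
            findings.append(f"server {name} ({addr}) is in no VLAN subnet on the switch")
        elif any(ip == ifaces[n].ip for n in homes):
            findings.append(f"server {name} ({addr}) collides with a switch interface")
    for identity, vlan in policies.items():
        if vlan not in vlans:
            findings.append(f"policy for {identity} grants undefined VLAN {vlan!r}")
        if ":" in identity and not MAC_RE.match(identity):
            findings.append(f"identity {identity!r} is not a well-formed MAC address")
    return findings


def vlan_tag_for(identity, vlans=VLANS, policies=POLICIES):
    """Tag of the VLAN an identity should land in, for comparison with switch state."""
    return vlans[policies[identity]][0]


if __name__ == "__main__":
    print(validate(VLANS, SERVERS, POLICIES) or "plan is consistent")
```

Running the check again after any change to the RADIUS policies or the VLAN table catches a policy that names a VLAN the switch does not have before a client is ever authenticated.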
© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 9