Extreme Networks 300-48 Switch User Manual


 
88 Summit 300-48 Switch Software User Guide
Unified Access Security
Policy Examples
The following examples suggest typical uses of network security policies.
Example. You want to give employees complete network access but limit access for visitors. The
solution is to base network access on the authentication method, as indicated in Table 29.
NOTE
Not all methods can be used at the same time on the same interface.
Example. You want to restrict user access to certain locations or times. The solution is to include the
access point as a component of network access and include time restrictions for certain locations.
Policies and RADIUS Support
The authentication features of the Summit 300-48 switch are tightly integrated with RADIUS. You can
specify the following types of RADIUS access control policies:
User-based — 802.1x requests provide the RADIUS server with the user name and password. Based
on the user name, the RADIUS server sends back authentication information, including allow/deny,
assigned VLAN, and VLAN tag.
Location-based — You can configure a location string for each wireless port. The location is sent to
the RADIUS server as a vendor-specific attribute. The RADIUS server uses this information to
determine the access policy.
RADIUS Attributes
Table 30 lists the attributes that are included in each request for access:
Table 29: Authentication-Based Network Access Example

Authentication Method        User Placement
---------------------------  --------------
802.1x with dynamic WEP      Internal VLAN
TKIP with pre-shared keys    PSK VLAN
WEP                          WEP VLAN
Fails 802.1x authentication  Deny access

Table 30: RADIUS Request Attributes

Attribute        Description
---------------  ------------------------------------------------------------
User-Name        User name for dot1x or MAC address
User-Password    User-specified for dot1x or blank
Service-Type     Value is login (1)
Vendor-Specific  Contains EXTREME_USER_LOCATION, and the value is as configured by the user for the location of each wireless port
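
The location-based check described under Policies and RADIUS Support, seen from the RADIUS server's side, as an added example (not Extreme Networks code): it parses the Table 30 attributes from a raw Access-Request and denies by default when the location attribute is missing or not permitted for the user. The vendor ID, the sub-attribute number, the user and location names, and the sample packet builder are assumptions constructed for illustration; User-Password is skipped because it is obfuscated with the shared secret.

```python
import struct

ACCESS_REQUEST = 1
USER_NAME, SERVICE_TYPE, VENDOR_SPECIFIC = 1, 6, 26  # RFC 2865 attribute types
EXTREME_VENDOR_ID = 1916     # assumption: Extreme Networks' IANA enterprise number
USER_LOCATION_SUBTYPE = 208  # assumption: confirm in your server's Extreme dictionary
ALLOWED_LOCATIONS = {"alice": {"bldg1-floor2"}}  # constructed policy: user -> locations

def parse_access_request(packet):
    """Extract User-Name, Service-Type and the location string from an Access-Request."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    out, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == USER_NAME:
            out["User-Name"] = value.decode("utf-8", "replace")
        elif atype == SERVICE_TYPE and len(value) == 4:
            out["Service-Type"] = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (EXTREME_VENDOR_ID, USER_LOCATION_SUBTYPE) and 2 <= vlen <= len(value) - 4:
                out["location"] = value[6:4 + vlen].decode("utf-8", "replace")
        pos += alen
    if pos != length:
        raise ValueError("trailing bytes after last attribute")
    return out

def location_allowed(attrs):
    """Deny by default: unknown users and requests without a location never match."""
    return attrs.get("location") in ALLOWED_LOCATIONS.get(attrs.get("User-Name"), set())

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def sample_request(user, location=None):
    """Build a constructed Access-Request (zeroed authenticator) for the checks."""
    body = attr(USER_NAME, user.encode()) + attr(SERVICE_TYPE, struct.pack("!I", 1))
    if location is not None:
        loc = location.encode()
        vsa = struct.pack("!IBB", EXTREME_VENDOR_ID, USER_LOCATION_SUBTYPE, len(loc) + 2) + loc
        body += attr(VENDOR_SPECIFIC, vsa)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body
```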