Reset Search



How to use AAA proxy under WiNG system?

« Go Back


TitleHow to use AAA proxy under WiNG system?
When using centralized network access server you might use AAA proxy to cover whole deployment behind one IP address rather than configure range of NAS clients.
This is also applicable in Layer2 deployments with tunneled VLANs
  • All Summit WM3000 Series Controllers
  • ExtremeWiNG Controllers
  • WirelessWiNG Controllers
  • ExtremeWiNG Access Points
  • WirelessWiNG Acess Points
  • WiNG 5 Software
When using AAA policy you might want to use only single NAS client.
This is possible using proxy mode in aaa-policy
wlan AAA
 ssid AAA
 vlan 88
 bridging-mode local
 encryption-type ccmp
 authentication-type eap
 use aaa-policy AAA

aaa-policy AAA
 authentication server 1 host secret 0 helloextreme
 authentication server 1 proxy-mode through-centralized-controller

Using above setup all access request seen on NAS will be see under controller's IP address even though the originator is AP (NAS-ID = 7532)
User-added image
There is couple of options you may use for proxying
VX(config-aaa-policy-AAA)# authentication server 1 proxy-mode 

  none                            No proxy, send directly using the IP address
                                  of the device (Default)

  through-centralized-controller  Proxy the requests through the centralized
                                  controller that is configuring the network

  through-controller              Proxy the requests through the controller
                                  that is configuring the device

  through-mint-host               Proxy the requests through some MiNT device
                                  on the network

  through-rf-domain-manager       Proxy the requests through the local

Additional notes
If you need to change NAS-IP-ADDRESS or NAS-IDENTIFIER you may either change the RADIUS attribute 4 as described in What is NAS-IP-ADDRESS good for in WiNG configuration? or use proxy attributes
 proxy-attribute nas-identifier originator | proxier 
 proxy-attribute nas-ip-address proxier | originator



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255