724-746-5500 | blackbox.com
Chapter 9: Common Configuration Examples
[Figure 9-6: network diagram. Labels recovered from the figure:]
RADIUS Authentication Server: IP Address 10.1.1.10; Authentication Port 1812; Shared Secret radius123
SmartPath AP RADIUS Authenticators (NAS Devices): 10.1.1.0/24 subnet
SSID: corp-wifi, Auto-(WPA or WPA2)-EAP (802.1X)
Supplicants (Wireless Clients)
User Profile, Attribute, and VLAN: Emp(1), 1, VLAN 10 (striped yellow); IT(2), 2, VLAN 20 (solid purple)
Arrows: Authentication Requests; Authentication Replies
Callouts:
The RADIUS authentication server checks authentication requests against user accounts stored in its database.
The SmartPath APs act as RADIUS authenticators, forwarding authentication requests and replies between supplicants and the RADIUS authentication server.
Based on the attributes that the RADIUS authentication server returns, the SmartPath APs assign employees (user profile = Emp) to VLAN 10 and IT staff (user profile = IT) to VLAN 20.
Figure 9-6. Authentication requests and replies for wireless clients on two SmartPath APs.
This example assumes that you have already accepted the SmartPath APs for SmartPath EMS VMA management, assigned them
to a WLAN policy that includes a cluster and at least one SSID, and pushed that configuration to them. In other words, the
SmartPath APs are already under SmartPath EMS VMA management by the time you begin the configuration in this example. If
that is not yet the case, see Chapter 8 before continuing.
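How the reply path in Figure 9-6 depends on the shared secret, as an added Python sketch (not Black Box code): the authenticator recomputes the RFC 2865 Response Authenticator before it trusts the returned attribute and maps it to a user profile and VLAN. Carrying the attribute number as an untagged ASCII value in Tunnel-Private-Group-ID (type 81) and all function names are assumptions; the Request Authenticator is constructed sample data.

```python
import hashlib, hmac, struct

SECRET = b"radius123"                        # shared secret from Figure 9-6
PROFILES = {1: ("Emp", 10), 2: ("IT", 20)}   # attribute -> (user profile, VLAN), Figure 9-6
ACCESS_ACCEPT = 2                            # RFC 2865 packet code
PROFILE_ATTR = 81                            # assumption: Tunnel-Private-Group-ID carries the number
REQ_AUTH = bytes(range(16))                  # constructed 16-byte Request Authenticator

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def verify_reply(packet, request_auth, secret):
    """Authenticator side: recompute the digest; a wrong secret or altered attribute fails."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_attrs(packet):
    """Walk the type-length-value attributes that follow the 20-byte header."""
    attrs, i = [], 20
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs.append((packet[i], packet[i + 2:i + packet[i + 1]]))
        i += packet[i + 1]
    return attrs

def assign_vlan(packet, request_auth, secret=SECRET):
    """Return (user profile, VLAN) for a verified Access-Accept, otherwise None."""
    if not verify_reply(packet, request_auth, secret) or packet[0] != ACCESS_ACCEPT:
        return None
    for attr_type, value in parse_attrs(packet):
        if attr_type == PROFILE_ATTR and value.isdigit():
            return PROFILES.get(int(value))
    return None

if __name__ == "__main__":
    accept = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, [(PROFILE_ATTR, b"2")], SECRET)
    print(assign_vlan(accept, REQ_AUTH))                   # reply signed with the right secret
    print(assign_vlan(accept[:-1] + b"1", REQ_AUTH))       # attribute altered in transit
```
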
VLANs and User Profiles
To begin, you create two VLAN objects and then two user profiles, each of which references one of the VLANs. When you
configure the SSID later, you reference both user profiles in the SSID configuration. With this approach, the SmartPath APs apply
different VLANs to traffic from different users based on their corresponding user profiles.
1. To create a VLAN object for employee traffic, click “Configuration > Advanced Configuration > Network Objects > VLANs >
   New,” and then enter the following in the VLANs dialog box:
   VLAN Name: VLAN-10
   Enter the following, and then click “Apply”:
   VLAN ID: 10
   Type: Global
      Setting the type as "Global" means that SmartPath EMS VMA applies the VLAN entry to all SmartPath APs that
      include the VLAN object in their configuration—unless you add another VLAN entry to this VLAN object and
      assign it a more specific classification type such as a classifier tag, map, or SmartPath AP. Then the SmartPath AP
      applies the other VLAN entry if it has the same classifier tag, is on the specified map, or is the specified
      SmartPath AP.
   Description: VLAN for employees
2. To save the configuration and close the VLANs dialog box, click “Save.”