Configure > Network Policies > policy_name > Additional Settings > Network Services > Access Console



An access console is a special SSID that provides wireless console access to an Extreme Networks device when it is not accessible through the wired network. To connect to the access console wirelessly, you can use SSH or—if enabled—Telnet. This is especially useful in cases where the device is mounted in a place where attaching a physical console cable to it is very difficult. When the access console is enabled, the device creates an SSID for accessing it on interfaces that are in access mode—wifi0, wifi1, or both. The device also acts as a DHCP server, dynamically providing an IP address to the wireless client that accesses it. See "Access Consoles".

A default access console SSID is enabled on all devices. The default SSID name is “<hostname>_ac”, where <hostname> is the host name of the device. The default host name of a device consists of "AH-" plus the last six digits of its MAC address; for example, AH-02f640. In this case, the name of the default access console SSID would be "AH-02f640_ac". The access console SSID uses WPA-AES-PSK authentication with aerohive (the default admin password) as the preshared key.

To reach the default access console, connect to the SSID “<hostname>_ac”. Then check the IP address of the default gateway that the DHCP server on the device assigned your client. Make an SSH or Telnet connection to the device at that IP address and use the default Extreme Networks login name and password (admin, aerohive) as your credentials when prompted. (If you need to reach the access console later and have already changed your admin name and password, use your current login credentials instead of the default ones.)

When you enable the access console, the maximum number of SSIDs for each radio in access mode is reduced by one to reserve space for the creation of an access console SSID. For example, if both the wifi0 and wifi1 interfaces—and their respective radios—are in access mode, the maximum number of SSIDs on an AP300-series device is reduced from 16 to 14 (8 to 7 SSIDs per access radio).

Configure the Access Console

In a network policy, the access console is disabled by default. To enable it, move the Access Console toggle to ON. You next have two options: reuse an existing access console configuration object or define and save a new one.

To reuse existing access console settings, select next to Re-use Access Console Settings, select an item from the Access Console dialog box, and then choose Select.

To create a new access console configuration, enter the following and then select Save:

Name: The name for the access console.

Description: Enter an optional note. The note can contain up to 64 characters, including spaces.

Mode: Indicates whether the access console is set to be enabled automatically (auto), manually enabled (enable), or manually disabled (disable).

Access Security: The security protocols used are based on the IEEE 802.11w standard that establishes encryption protocols for APs to authenticate themselves to clients, and help to secure the WLAN from various types of attacks, such as spoofing. This section allows you to configure and manage encryption keys that are part of the process. To enable and configure the settings, select one of the options. Depending on the method you select, the rest of the options will change.

Select one of the following:

WPA-(WPA or Auto)-PSK: Choose to use WPA for key management on Extreme Networks devices introduced before IQ Engine 6.1r5; and for Extreme Networks devices introduced in IQ Engine 6.1r5 or later, to negotiate the use of WPA2 or WPA with the clients associating with them.

WPA2-(WPA2 Personal)-PSK: Choose to force clients to use the WPA2 key management scheme. WPA2 supports PMK caching and preauthentication where WPA does not.

Auto-(WPA or WPA2)-PSK: Choose to negotiate the use of WPA2 or WPA with clients based on which version they support.

Open: Unsecured network access.

Encryption Method: The method that the device and client use when encrypting traffic: CCMP (AES) or TKIP.

ASCII Key: When using one of the preshared key options, enter the key here. It can be from 8 to 63 ASCII characters long. To ensure the accuracy of the key, re-enter it in the Confirm ASCII Key field. If you want to see the text that you enter, clear the Obscure ASCII Key check box.

Max Client Limit: Set the maximum number of wireless clients that can connect to the access console concurrently. The default is 2. You can change it to any number between 1 and 64.

Hide the SSID in beacons and probe responses: Select the check box so that the device does not announce the SSID for the access console in its beacons or in its responses to clients' probes when it is available. Clear the check box to include the access console SSID in beacons and probe responses. By default, it is hidden.

Enable Telnet Access: Select the check box to enable Telnet connectivity to the device through the access console.
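
The settings above can be checked before a policy is pushed to devices. The following is an added example, not Extreme Networks code: it derives the default access console SSID name from a MAC address and flags the weak choices this page describes. The dictionary field names, the security values ("open", "wpa-psk", "wpa2-psk") and the sample objects are assumptions made for illustration.

```python
import re

DEFAULT_PSK = "aerohive"  # default admin password, also the default PSK (from the page)

def default_ssid(mac):
    """Default console SSID: "AH-" + last six hex digits of the MAC + "_ac"."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return f"AH-{digits[-6:]}_ac"

def audit(cfg):
    """Return findings for one access console object (hypothetical field names)."""
    if cfg.get("mode") == "disable":
        return []  # no console SSID is created, nothing else applies
    findings = []
    security, psk = cfg.get("security", ""), cfg.get("ascii_key", "")
    if security == "open":
        findings.append("open: console SSID has no encryption and no key")
    else:
        if security != "wpa2-psk":
            findings.append("wpa-allowed: select WPA2-PSK so WPA is never negotiated")
        if cfg.get("encryption") == "tkip":
            findings.append("tkip: select CCMP (AES)")
        if psk == DEFAULT_PSK:
            findings.append("default-psk: key is the default admin password")
        if not (8 <= len(psk) <= 63 and psk.isascii()):
            findings.append("psk-format: key must be 8 to 63 ASCII characters")
    if cfg.get("telnet"):
        findings.append("telnet: Telnet gives the console session no encryption of its own")
    if not 1 <= cfg.get("max_clients", 2) <= 64:
        findings.append("max-clients: value is outside 1 to 64")
    if not cfg.get("mac_filters"):
        findings.append("no-mac-filter: any client that knows the key can associate")
    return findings

# Constructed sample objects, not exported from a real deployment.
WEAK = {"mode": "auto", "security": "wpa-psk", "encryption": "ccmp",
        "ascii_key": "aerohive", "telnet": True, "max_clients": 2,
        "mac_filters": []}
HARDENED = {"mode": "enable", "security": "wpa2-psk", "encryption": "ccmp",
            "ascii_key": "constructed-sample-key-0001", "telnet": False,
            "max_clients": 2, "mac_filters": ["admin-laptops"]}

if __name__ == "__main__":
    print(default_ssid("02:00:00:02:F6:40"))
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```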

MAC Filters

Each MAC filter either permits or denies traffic from the specified MAC address or OUI. The table on IP Object and Host Names displays the following information:

MAC Object: The descriptive name of the MAC filter.

Action: Select Permit to allow traffic from clients that do not match one of the selected filters, or Deny to block traffic from clients that do not match any of the selected MAC filters.

You can add or select existing MAC filters to filter the traffic arriving on the access radio channel for this SSID by source MAC address or OUI (organizationally unique identifier). For example, you might set MAC filters to permit wireless traffic coming only from the MAC addresses of a certain group of administrators' laptops or from the MAC OUI of a certain type of computer that only those administrators use.

To select a previously-defined MAC filter and add it to the MAC Filters table, select a MAC filter from the drop-down list and then select Add. You can use the action specified in the first filter that you add to determine the default filtering action and which other MAC filters you add. For example, if the action in the first filter you add is "Permit", then make the default filtering action for traffic arriving on the access radio channel "Deny"; that is, a device only permits traffic originating from the MAC address or MAC OUI specified in the MAC filter, and it denies traffic from all other sources. Because the default action is to deny traffic, you might want to add only other MAC filters that permit traffic to the list of MAC filters for the SSID. Similarly, if the action in the first filter is "Deny", then make the default filtering action "Permit" and only add additional MAC filters that also deny traffic from specific MAC addresses or OUIs.

If you do not see a MAC filter that you want to use, select , select a filter by MAC Address or MAC OUI and define it.

Action: Define the action to apply to clients whose MAC address or MAC OUI does not match one of the selected filters. Choose Permit to allow traffic from clients that do not match one of the selected filters, or choose Deny to block traffic from clients that do not match any of the selected MAC filters. Select Save.
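
The permit/deny convention described above, as an added example that is not Extreme Networks code: it evaluates a source MAC address against a list of MAC and OUI filters plus the default Action, and reports filter lists that break the convention. The function names and sample addresses are constructed, and the rule that a full-address filter is checked before an OUI filter is an assumption, since this page does not state the device's match order.

```python
import re

def _hex(addr):
    """Return 6 (OUI) or 12 (MAC) lowercase hex digits, or "" if malformed."""
    digits = re.sub(r"[:.\-]", "", addr.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{6}|[0-9a-f]{12}", digits) else ""

def lint(filters, default_action):
    """Check (value, action) filters against the convention described above."""
    problems = []
    actions = {action for _, action in filters}
    if len(actions) > 1:
        problems.append("filters mix permit and deny")
    if default_action in actions:
        problems.append("default action repeats a filter action")
    problems += [f"not a MAC address or OUI: {v}" for v, _ in filters if not _hex(v)]
    return problems

def decide(client_mac, filters, default_action):
    """Return "permit" or "deny" for one source MAC address.

    Assumption: a full-address filter is checked before an OUI filter;
    the page does not state the device's match order.
    """
    mac = _hex(client_mac)
    if len(mac) != 12:
        return "deny"  # malformed source address: fail closed
    for value, action in sorted(filters, key=lambda f: -len(_hex(f[0]))):
        prefix = _hex(value)
        if prefix and mac.startswith(prefix):
            return action
    return default_action

# Constructed sample data using locally administered addresses.
ADMIN_ONLY = [("02:11:22", "permit"), ("02-AA-BB-CC-DD-01", "permit")]

if __name__ == "__main__":
    print(lint(ADMIN_ONLY, "deny"))
    for mac in ("02:11:22:33:44:55", "02aa.bbcc.dd01", "02:99:99:00:00:01"):
        print(mac, decide(mac, ADMIN_ONLY, "deny"))
```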

Select at the top of the window to select the MAC filter you want to use to update your devices. To update your devices with the Access Console object, select Next. To update your devices at another time, and return to Network Policies, select Cancel.


