Professional Documents
Culture Documents
1 Update
Data Center
Capacity & Applications
VX 9000 - Virtualized
Branch / Small Campus Campus Adoption Capacity = 25,600
Performance
©2017 Extreme Networks, Inc. All rights reserved
General Release Information
▪ Access Point Supported in WiNG 5.9.1
Indoor Outdoor
AP8432 AP8163
AP81XX (EOS) AP8533 AP7161 (EOS in EU
High Tier AP7562
AP8232 (EOS) and US, ASIA EOS Oct
2017)
AP7532
AP6532 (EOS) AP6562 (EOS Oct
Mid Tier AP7522 AP7662
2017)
AP7632
Part U SC A N LA TA M EM EA List A PA C
Product N am e Product N am e
N um ber List Price List Price Price List Price
Part
Product N am e General Availability:
N um ber
37215 PW R 12V D C ,2A ,2.5m m x 5.5m m connector
10/25/2017, Software: WiNG 5.9.1
(37101) AP-7612-680B30-US
(37102) AP-7612-680B30-WR
Extended Temperature
for warehousing
▪ 802.11ac 2x2:2 MU-MIMO - HT20/40/80 MHz ▪ 802.11ac 2x2:2 MU-MIMO - HT20/40/80 MHz
▪ Bluetooth Low Energy (BLE) v4.2, & IEEE 802.15.4 compliant ▪ BLE v4.2, and IEEE 802.15.4 compliant
▪ Operating Temp: 32° F to 104° F/ 0° C to 40° C ▪ Operating Temp: -4° F to 140° F/ -20° C to 60° C
▪ Weight: 14.2 oz/0.4 kg ▪ Weight: 24.7 oz, 0.7 kg
▪ Size: 6.3 in diameter x 1.7 in ,161 mm diameter x 48.5 mm, ▪ Size: 6.9 in x 5.0in x 1.2 in, 175 mm x 128 mm x 26.9 mm
▪ 1x IEEE 802.3 Gigabit Ethernet auto-sensing
▪ Console Port: RJ45 ▪ 1x IEEE 802.3 Gigabit Ethernet auto-sensing
▪ Plenum-rated housing (UL2043) - via Ceiling mount ▪ Console Port: RJ45
▪ TxPWR 1 TX: 2.4GHz : 23dBm; 5GHz: 23dBm ▪ Plenum-rated housing (UL2043)
▪ TxPWR 2 TX: 2.4GHz : 26dBm; 5GHz: 26dBm ▪ TxPWR 1 TX 2.4GHz: 20dBm; 5GHz: 20dBm
▪ Internal Antenna: 4dBi - 2.4 GHz band; 6 dBi - 5GHz band, BTLE ▪ TxPWR 2 TX 2.4GHz: 23dBm; 5GHz: 23dBm
– 3 dBi ▪ 3x RP SMAs: 2 dual band ports (diplex antennas), 1 BTLE
▪ PoE: 802.3af ▪ USB 2.0
▪ PoE: 802.3af, 802.3at (needed for USB only)
W iN G bracket 37201 M ounting Plate for Indoor A Ps (included in A P Box) - only order for spares
U niversalM ounting Kit KT-135628-01 U niversalM ounting Kit for EW LA N A Ps (com patiblity w ith legacy installs) Mounting Options
Flat M etalW iN G Bracket 37210 Flat M etalIndoor Bracket (new bracket see Q IG )
Option A:
Beam C lip BRKT-000147A -01 A P 7532,A P 7522 BEA M C LIP (com patiblity w ith legacy installs) Mounting Plate ships in the Box
Bracket A dapters BRKT-000167A -01 A P-7532-7522 Bracket A dapter W allM ount (legacy installs)
AP backward compatibly WiNG mounting gear
- Universal Mounting Kit
W S-M BI-D C M TR01 D rop C eiling M ulti-T RailBracket.A ccom m odates 9/16", - Beam Clip
D rop C eiling M ulti-Tbar 30518 15/16" and 1.5" w ide T-bars (need to rem ove the M oum ting plate included
in box)
Option B:
W allm ount 30516 W S-M BI-W A LL04 (need to rem ove the M oum ting plate included in box)
- remove the mounting plate in box
PoE m id-span injector A P-PSBIA S-2P2-A FR IEEE802.3af G igaBit PO E injector - Wall Mount - WS-MBI-WALL04 – wall mount
A P-PSBIA S-2P3-A TR 802.3at G b PoE Injector
- Drop Ceiling - WS-MBI-DCMTR01
PoE m id-span injector
Pow er Supply,w allbrick 37215 PW R 12V D C ,2A ,2.5m m x 5.5m m connector
©2017 Extreme Networks, Inc. All rights reserved
EWW AP 7662 – Outdoor Wave 2
▪ Replaces AP 6562, EOS announcement Oct 2017
AP 7662
8.5” x 8.5”
▪ 802.11ac 2x2:2 MU-MIMO - HT20/40/80 MHz ▪ 802.11ac 2x2:2 MU-MIMO - HT20/40/80 MHz
▪ Bluetooth Low Energy (BLE) v4.2 & IEEE 802.15.4 compliant ▪ Bluetooth Low Energy (BLE) v4.2 and IEEEWave
802.15.42compliant
with IOT Expansion
▪ Operating Temp:-40° F to 158° F/ -40° C to 70° C ▪ Operating Temp:
▪ Weight: 2.4 lbs/ 1.1 kg ▪ Weight: 2.8 lbs/ 1.3 kg
▪ Size:8.6" x 7.1" x 2.7" - 218 mm x 180 mm x 69mm ▪ Size: 8.6" x 7.8" x 2.7" - 218 mm x 198 mm x 69mm
▪ 2x IEEE 802.3 Gigabit Ethernet auto-sensing ▪ 2x IEEE 802.3 Gigabit Ethernet auto-sensing
▪ TxPWR 1 TX 2.4GHz: 23dBm; 5GHz: 23dBm ▪ TxPWR 1 TX 2.4GHz: 20dBm; 5GHz: 20dBm
▪ TxPWR 2 TX 2.4GHz: 26dBm; 5GHz: 26dBm ▪ TxPWR 2 TX 2.4GHz: 23dBm; 5GHz: 23dBm
▪ Internal Antenna: 4.3 dBi - 2.4 GHz band; 5.3 dBi - 5GHz band, 3 dBi - BTLE ▪ External Antennas:
▪ IP67 ▪ Five N-Type connectors, (2) 2.4 GHz, (2) 5 GHz, 1 BTLE
▪ Internal GPS ▪ IP67
▪ PoE: 802.3at ▪ Internal GPS
▪ PoE: 802.3at
Ordering Info:
Ordering Info:
(37121) AP-7662-680B30-US
(37123) AP-7662-680B40-US
(37122) AP-7662-680B30-WR Transportation Manufacturing
(37124) AP-7662-680B40-WR
Retail Hospitality Logistics
Mounting Options
Option A:
▪ Pole Mount WS-MBO-POLE01
▪ Wall Mount – WS-MBO-H01
A ccessories Part N um ber Product D escription
▪ 10” Extension Arm (30514) – needs pole
H -Type M ounting B racket 30 519 W S-M B O -H 0 1 H -Type M tg B rkt (used for ceiling or w allm ount)
▪ Mounting bracket (30514)
Pole M ountim g B racket 30 520 W S-M B O -PO LE0 1 Pole M tg B rkt (used for m ounting on pole)
10 " Extenstion A rm 30 514 W S-M B O -A R T0 1 2 A xis Ext.M tg B kt
Legacy M ount K it K T-14740 7-0 1
Option B:
O U TD O O R A P M O U N TIN G H A R D W A R E K IT (can use existing W iN G M ounting hardw are)
Existing Extension A rm K T-150 173-0 1 O U TD O O R A P 12 IN EX T A R M FO R M N TG K IT
Legacy WiNG mounting gear
PoE O utdoor injector,U S A P-PSB IA S-7161-U S O U TD O O R PO E IN JEC TO R U S ▪ Pole – KT-147407-01
PoE O utdoor injector,W W A P-PSB IA S-7161-W W O U TD O O R PO E IN JEC TO R R O W ▪ Extension Mt – KT-150173-01 - needs pole
Legacy Pole M ount K T-153143-0 1 O U TD O O R PO E M O U N TIN G K IT ▪ Mounting bracket (KT-147407-01)
7632i/e
AP-6522 (/E)
7662i/e
AP-6562 (/E)
7612
AP-7502 (/E)
©2017 Extreme Networks, Inc. All rights reserved
New APs - Caveats
▪ Features NOT supported in 5.9.1
Following features are NOT supported for 7612 | 7632 | 7662 in the 5.9.1 release:
▪ BTLE radio
▪ Cisco Phones with WMM
▪ Sensor (both dedicated and RadioShare)
▪ Client Bridge
▪ MeshConnex
▪ MU-MIMO
▪ Tx Beamforming
▪ RSSI Feed API
▪ PPPOE
▪ L2oGRE tunnels
▪ VRRP
▪ OSPF
▪ NSight sensor (AP Test, Advanced Spectrum Analysis)
▪ WeChat integration
256
▪ WiNG 5.9.1 increased RF Domain Manger scaling for controller-
less sites from 128 to 256 APs, only if RF Domain Manager is
AP8432, AP8533 or AP7632. Maximum number of clients per RF
Domain is 4,096 (statistics aggregation) 128
10K
©2017 Extreme Networks, Inc. All rights reserved
WiNG 5.9.1 – WiNG Scaling
▪ VX9000 Elastic Storage Support
▪ VX9000 ISO file on 5.9.0.1 and 5.9.1.0 has been updated to support Elastic Storage
(Logical Volume Group). This allows to expand the hard disk size of the VM instance
after the VX is installed.
– Allows to easily expand storage on as-needed basis for storage hungry services like NSight
and ExtremeGuest
– Allows to expand both primary (max 2 TB in size) and secondary storage (allows disk size
>2TB)
– Allows to dynamically increase storage by adding new drives (up to 5 per instance)
▪ Caveats
– No backward compatibility for upgrades. New VX9000 installation is required.
– no downgrade below 5.9.0.1.
– Supported Hypervisors: VMWare ESXi, MS Hyper-V.
– Not supported on XenServer and Amazon EC2
vx9000-2#virtual-machine volume-group ?
add-drive Add drive to volume group
replace-drive Replace drive in volume group
resize-drive Resize [increase] physical drive in volume group
resize-volume-group Resize [increase] volume group
▪ Enterprise UI has new Wizard added for simplified configuration of “Dynamic Virtual
Controller”.
▪ For older APs / low tier APs VC rules are the same as pre-5.9.1 – same AP model
management only.
High Tier APs can manage themselves, and any lower tier APs
High Tier
8533 8432
7562 7662
Mid Tier
7532
7632
7522
Must switch AP to Enterprise UI for HetVC
AP8533
AP8432
AP7632
AP7662
AP7522
AP7532
AP7562
Access Points not mentioned in the table above use old VC rules – same AP model management only!
▪ For simplified Access Point image upload, upload from local PC is now supported
instead of remote TFTP/FTP/SFTP server.
▪ Since Access Points have smaller flash space than controllers, firmware upgrade
procedure in mixed environments has to be planned carefully:
– Same family APs have the same firmware image:
AP Type Image Name, Image Size and Available Flash space
AP8533 cedar.img, image size ~35MB, available flash space – 84MB
AP8432 cypress.img, image size ~35MB, available flash space – 84MB
AP7632 | AP7662 willow.img, image size ~36MB, available flash space – 84MB
AP7522 | AP7532 | AP7562 birch.img, image size ~38MB, available flash space – 84MB
5 6
4
Bonjour Gateway in WiNG today allows to limit type of bonjour services can be discovered and advertised back to
wireless clients, like AirPlay vs AirPrint vs AirTunes etc.
Challenge:
▪ In large enterprise environments with hundreds of bonjour servers available in the same network it becomes
impossible for the end-users to select the right server and for the admin to limit which servers a user is allowed
to use based on his/her location.
▪ Use-Case Example:
– Limit access to certain print servers based on AP location, i.e. Marketing vs Sales vs Engineering
– Limit access to certain media servers for screen sharing based on the Meeting room ID / Floor number
Solution:
▪ Wing 5.9.1 solves this problem by introducing a feature to limit discovered services not only based
on service type, but also based on server name.
▪ Use-Case Example:
– Allow access to Media servers using AirPlay if name contains Marketing-Share*
– Allow access to Print Servers using AirPrint located on the second floor if server name contains FL2*
▪ Bonjour Server needs to follow certain naming convention to define its location:
vx9k##show bonjour services on ap8533-0709C4
----------------------------------------------------------------------------------------------------------------------------- --------------------
SERVICE_NAME INSTANCE_NAME IP:PORT VLAN-ID VLAN_TYPE EXPIRY
----------------------------------------------------------------------------------------------------------------------------- --------------------
_airplay._tcp.local RFD1-FL2-MediaServer._airplay._tcp.local 192.168.7.79:7000 7 Local Tue Aug 29 14:55:33 2017
----------------------------------------------------------------------------------------------------------------------------- --------------------
▪ Bonjour Discovery policy limits AirPlay service discovery to instances containing “FL2” in their name:
▪ Instance Name can be Aliased (String Alias is used, like $PRINT-SERVER) for large scale deployments. Aliases can
be defined under RF Domain, Profile or Device level
Dynamic MeshConnex:
▪ Designed specifically to address challenges in rail deployments to interconnect multiple train cars
independently of the train orientation
– Train can change configuration. Train cars can be exchanged between trains
– Train can change orientation.
– Generic Mesh solutions tend to be more static and require a lot of manual tweaking and intervention.
▪ Auto-Proximity uses the same AP profile across the whole trainset(s) and dynamically
adjusts based on trainset configuration and orientation
– APs/Antennas need to be mounted with overlapping coverage between peers in different
train cars, with little to no signal overlap within the same train car.
– Hysteresis thresholds should be used to only allow closest neighbors to form mesh pair
based on RSSI level, sustained RSSI over time, SNR delta. This will prevent accidental ping-
pong at train stations where multiple trains are docked close to each other!
▪ WiNG 5.9.1 adds support for Broadcom based 802.11ac Access Points: AP7522,
AP7532, AP7562, AP8432, AP8533.
▪ WiNG AP is forwarding Aeroscout Multicast tag info to the Aeroscout RTLS engine. Each
radio is scanning on the operating channel
▪ Additionally, WiNG 5.9.1 allows to define Aeroscout engine IP address and Port number.
Previously Aeroscout engine needed to have all IP addresses of APs listed to let them
know where to forward data.
controller#conf
Enter configuration commands, one per line. End with CNTL/Z.
controller(config)#profile anyap GENERIC-PROFILE
controller(config-profile-GENERIC-PROILE)#interface radio <1|2>
controller(config-profile-GENERIC-PROILE-if-radioX)#aeroscout forward ip <AS engine IP> port <port>
controller(config-profile-GENERIC-PROILE-if-radioX)#aeroscout mac <MAC to be forwarded, default is 01-0C-CC-00-00-00>
controller(config-profile-GENERIC-PROILE-if-radioX)#commit write
▪ WiNG 5.9.1. adds an option to perform MAC Auth for Guest VLAN (MINT / L2TPv3
tunnel or directly switched)
HTTPS POST
clients behind MINT or L2TPv3 tunnels
Capture & Redirection
1.G uest U ser is connected to an O PEN SSID attached to the G uest V LA N .A P can
be W iN G or any 3rd party A P.
CP R A D IU S
3.If guest device is new ,M A C A uth w illfailand guest w illbe redirected by the
W iN G device to Extrem eG uest hosted Splash Page
H TTP(S)
R edirect CP
H TTP(S) G ET
registration.htm l
4.A fter guest registration is com pleted (either using form or any SocialM edia
A uthentication),guest device is added to Extrem eG uest database and access to
the internet is allow ed
Success!R edirect to
W elcom e Page CP
4.A fter guest registration is com pleted (either using form or any SocialM edia
A uthentication),guest device is added to Extrem eG uest database and access to
the internet is allow ed
Success!R edirect to
W elcom e Page CP
▪ Verify
extremeguest-server#show database status
--------------------------------------------------------------------------------
MEMBER STATE ONLINE TIME
--------------------------------------------------------------------------------
localhost PRIMARY 0 days 0 hours 1 min 11 sec
--------------------------------------------------------------------------------
Authentication: Disabled Authentication User: None
--------------------------------------------------------------------------------
[*] indicates this device.
▪ Verify:
extremeguest-server#show eguest status
-----------------------------------
pid process
-----------------------------------
2817 gmd
2927 acct_server
2940 regserver
2986 guest_manager
3130 acct_server
3136 acct_server-helper
21425 guest_manager
27266 radiusd
▪ Verify:
extremeguest-server#show licenses
Serial Number : 1E150A63850635FC
Device Licenses:
AP-LICENSE
String :
Value : 0
Borrowed : 0
Total : 0
Used : 0
AAP-LICENSE
String : VX-DEFAULT-64AAP-LICENSE
Value : 64
Borrowed : 0
Total : 64
Used : 0
ADVANCED-SECURITY
String : DEFAULT-ADV-SEC-LICENSE
EGUEST-DEV
String : c87deb7553ebbb25e76a1c85001fe4f5f4fd18e508d6610751086370718a5c3da631a19b85584c74
Value : 128
nx7500-1#conf
Enter configuration commands, one per line. End with CNTL/Z.
nx7500-1(config)#captive-portal ExtremeGuest
nx7500-1(config-captive-portal-ExtremeGuest)#server host <virtual FQDN>
nx7500-1(config-captive-portal-ExtremeGuest)#use aaa-policy ExtremeGuest
nx7500-1(config-captive-portal-ExtremeGuest)#accounting radius
nx7500-1(config-captive-portal-ExtremeGuest)#webpage-location external
nx7500-1(config-captive-portal-ExtremeGuest)#webpage external welcome http://www.extremenetworks.com
nx7500-1(config-captive-portal-ExtremeGuest)#webpage external fail http://eguest.wingguestaccess.com/splash/templates/eguest-wired/fail.html
nx7500-1(config-captive-portal-ExtremeGuest)#webpage external acknowledgement http://eguest.wingguestaccess.com/splash/templates/eguest -
wired/acknowledgement.html
nx7500-1(config-captive-portal-ExtremeGuest)#webpage external registration http://eguest.wingguestaccess.com/splash/templates/eguest -
wired/registration.html?oauth-config=default&mac=WING_TAG_CLIENT_MAC&wlan=hostname-vlan-X&rfd=WING_TAG_RF_DOMAIN&cps=1®type=device
nx7500-1(config-captive-portal-ExtremeGuest)#commit write
hostname-vlan-X:
hostname = hostname of the wired WiNG device doing captive portal redirection. In cluster use “location” name under RF Domain.
X = vlan ID used for captive portal unauthenticated clients
Example: nx7500-1-vlan-7
nx7500-1#conf
Enter configuration commands, one per line. End with CNTL/Z.
nx7500-1(config)#dns-whitelist ExtremeGuest
nx7500-1(config-dns-whitelist-ExtremeGuest)#permit <IP or FQDN of ExtremeGuest server>
nx7500-1(config-dns-whitelist-ExtremeGuest)#exit
nx7500-1(config)#captive-portal ExtremeGuest
nx7500-1(config-captive-portal-ExtremeGuest)#use dns-whitelist ExtremeGuest
nx7500-1(config-captive-portal-ExtremeGuest)#commit write
▪ Step 2.5 – Enable MAC Auth + Captive Portal fallback on the Extended VLAN
▪ Add Bridge VLAN on the NX device, enable MAC Auth with Captive Portal Fallback, enable L2TPv3 concentrator
nx7500-1#conf
Enter configuration commands, one per line. End with CNTL/Z.
nx7500-1(config)#profile nx7500 DMZ-NX7510
nx7500-1(config-profile-DMZ-NX7510)#bridge vlan 7
nx7500-1(config-profile DMZ-NX7510-bridge-vlan-7)#mac-auth
nx7500-1(config-profile DMZ-NX7510-bridge-vlan-7)#use captive-portal ExtremeGuest
nx7500-1(config-profile DMZ-NX7510-bridge-vlan-7)#captive-portal-enforcement fallback
nx7500-1(config-profile DMZ-NX7510-bridge-vlan-7)#l2-tunnel-broadcast-optimization
nx7500-1(config-profile DMZ-NX7510-bridge-vlan-7)#exit
nx7500-1(config-profile-DMZ-NX7510)#mac-auth use aaa-policy ExtremeGuest
nx7500-1(config-profile-DMZ-NX7510)#l2tpv3 tunnel GUEST
nx7500-1(config-profile DMZ-NX7510-l2tpv3-tunnel-GUEST)#peer 1 hostname any router-id any
nx7500-1(config-profile DMZ-NX7510-l2tpv3-tunnel-GUEST)#session GUEST pseudowire-id 7 traffic-source vlan 7
nx7500-1(config-profile DMZ-NX7510-l2tpv3-tunnel-GUEST)#commit write
▪ Enable L2TPv3 client from the AP / WiNG controller or any 3rd party device compliant with RFC:
▪ Step 2.6 – Enable MAC Auth + Captive Portal fallback on the Wired Ports
▪ Enable MAC Auth with Captive Portal Fallback on the “guest” ports as required:
nx7500-1#conf
Enter configuration commands, one per line. End with CNTL/Z.
nx7500-1(config)#profile nx7500 DMZ-NX7510
nx7500-1(config-profile-DMZ-NX7510)#interface ge7
nx7500-1(config-profile DMZ-NX7510-if-ge7)#mac-auth
nx7500-1(config-profile DMZ-NX7510-if-ge7)#captive-portal-enforcement fallback
nx7500-1(config-profile DMZ-NX7510-if-ge7)#exit
nx7500-1(config-profile-DMZ-NX7510)#commit write
Group Name should be EQUAL to “wlan=” query tag value sent to the ExtremeGuest during client redirection, e.g.:
http://eguest.wingguestaccess.com/splash/templates/eguest-wired/registration.html?oauth-config=default&mac=WING_TAG_CLIENT_MAC&wlan=nx7500-1-vlan-
7&rfd=WING_TAG_RF_DOMAIN&cps=1®type=device
vx9000-1799B2#dir flash:/eguest/default_splash_templates/
Directory of flash:/eguest/default_splash_templates/
def_spl_tem_accept_n_connect_w_Fb_GPlus.tar
def_spl_tem_accept_n_connect.tar
def_spl_tem_accept_n_connect_w_Fbci_Fb_GPlus_In_Inst.tar
def_spl_tem_accept_n_connect_w_terms_link.tar
def_spl_tem_reg_form_n_Fb_GPlus_In_n_login.tar
def_spl_tem_reg_form_n_Fb_GPlus_In_n_login_w_forgot_passc
ode.tar
def_spl_tem_accept_n_connect_w_email.tar
def_spl_tem_reg_form_n_Fb_GPlus_In.tar
▪ With any registration type it is possible to enable Social Media Login on the captive portal
using Facebook / Facebook CheckIn / Google+ / Instagram / LinkedIn
▪ Social Media authentication / public profile pull is done by the ExtremeGuest server (using
PHP SDK)
▪ Social media App IDs needs to be added to the splash page template before template is uploaded
to the ExtremeGuest, as well as Social configuration on ExtremeGuest UI.
▪ No need for bypass captive-portal-detection, as PHP SDK works within the same page
– Warning: Google+ will detect mini browser via User Agent and will NOT allow authentication, unless full
browser is used.
▪ https://developer.facebook.com
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=facebook
©2017 Extreme Networks, Inc. All rights reserved
WiNG 5.9.1 Guest Access
▪ ExtremeGuest – Social Media Authentication – Creating Facebook Application
▪ https://console.developers.google.com
Credentials > Create Credentials > OAuth Client ID > Web Application :
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=google&hauth.done=Google
▪ https://www.instagram.com/developer/
Manage Clients > Register New Client:
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=instagram&hauth.start=Instagram
▪ https://www.linkedin.com/developer/apps/
Create Application:
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=linked_in
▪ Instagram:
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=instagram&hauth.start=Instagram
▪ Facebook
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=facebook
▪ LinkedIn:
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=linked_in
▪ Google+:
http(s)://{ExtremeGuest_real_FQDN}/splash/templates/social_signin.php?captive-
portal={Splash_Template_Name}&provider=google&hauth.done=Google
GOOGLE+:
accounts.google.com
apis.google.com
content.googleapis.com
oauth.googleusercontent.com
ssl.gstatic.com
LINKEDIN:
linkedin.com suffix
static.licdn.com
INSTAGRAM:
instagram.com suffix
instagramstatic-a.akamaihd.net suffix
©2017 Extreme Networks, Inc. All rights reserved
WiNG 5.9.1 Guest Access
▪ ExtremeGuest – Social Media Authentication – Splash Page Template Edit
▪ To enable Social Media Authentication add App IDs to the social_config.php file
in the root template directory. Example:
<?php
$providers_list = array (
"Facebook" => array (
"enabled" => true,
"keys" => array ("id" => “{APP-ID}", "secret" => “{APP-SECRET}"),
"scope" => "email, public_profile",
"trustForwarded" => true
),
"Google" => array (
"enabled" => true,
"keys" => array ("id" => “{APP-ID}", "secret" => “{APP-SECRET}"),
"scope" => "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
),
"Linked_In" => array (
"enabled" => true,
"keys" => array ("id" => “{APP-ID}", "secret" => “{APP-SECRET}"),
),
"Instagram" => array(
"enabled" => true,
"keys" => array("key" => “{APP-ID}","id" => “{APP-ID}","secret" => “{APP-SECRET}")),
);
$debug_mode = true;
?>
▪ Registration/Login page will have buttons pointing to the individual Social Media
providers in the social_config.php. Example:
<div class="footer">
<ul class="intro-social-buttons">
<span class="tooltip">
<input type="button" class="facebook-button" onClick="redirectTo('facebook')" />
<span class="tooltiptext">Facebook</span></span>
<span class="tooltip">
<input type="button" class="google-button" onClick="redirectTo('google')" />
<span class="tooltiptext">Google+</span></span>
<span class="tooltip">
<input type="button" class="instagram-button" onClick="redirectTo('instagram')" />
<span class="tooltiptext">Instagram</span></span>
<span class="tooltip">
<input type="button" class="linkedin-button" onClick="redirectTo('linked_in')" />
<span class="tooltiptext">LinkedIn</span></span>
</ul>
function redirectTo(provider) {
if (php_helper)
hrefstr = window.location.protocol + "//" + php_helper + ":880/social_signin.php";
else
hrefstr = "../social_signin.php";
WWW.EXTREMENETWORKS.COM