Modern enterprise networks are no longer just about fast switching and wireless connectivity – they’re about security, identity, and trust. That’s where different methods of AAA come in.
If you’ve ever wondered how 802.1X, RADIUS, and certificates all fit together in an Extreme Networks environment, the workshop we’ve prepared at Versim ATP is something you should definitely consider.
What You’ll learn
Our hands-on workshop walks through multiple layers of interaction between EXOS devices and AAA components like RADIUS, TACACS+ and PKI. We’re going to talk about how all of these things come together to make sure you are ready to build resilient and secure environments, for both wired and wireless deployments.
Most importantly – YOU are going to implement all of these things in our dedicated lab scenario.
Here’s what you can expect:
1. Understanding AAA Fundamentals
You’ll start by exploring the core AAA concepts – how they define who can connect, what they can do, and how their actions are tracked.
We’ll compare how different protocols (RADIUS, TACACS+, LDAP, AD) fit into this picture. We are going to learn how these interact inside an enterprise environment and how EXOS acts as a AAA client, relaying and enforcing the results.
2. 802.1X and access authentication on EXOS
We’ll configure EXOS switches to perform 802.1X authentication, using EAP-TEAP and EAP-TLS methods, by exploring:
• Supplicant-Authenticator-RADIUS message flow.
• Differences between MAC authentication, 802.1X, Web Auth, and VoIP Auth.
• How dynamic VLANs and role-based assignments work.
3. Certificates and PKI in action
After AAA, we’ll move into the world of certificates, where trust and identity meet encryption.
We’ll talk about:
• Public and Private keys, digital certificates, and CA hierarchies.
• Self-signed and CA-issued certificates.
• NTP importance in a PKI infrastructure
You’ll learn the certificate lifecycle – generation, installation, renewal, and revocation – and see what happens when certs expire or are revoked.
4. Revocation and real-time validation
The session continues with an in-depth look at how certificate validity is maintained over time:
• CRLs (Certificate Revocation Lists): static blacklists of revoked certs.
• OCSP (Online Certificate Status Protocol): real-time checks for certificate status.
• The distinct roles of supplicant, RADIUS, and EXOS in revocation checking.
By the end, you’ll understand which component is specifically responsible for different parts of a PKI infrastructure.
5. SSH, HTTPS, and management plane security
We’ll compare how different management protocols use encryption and trust:
• SSH: key pairs, fingerprints – but no X.509 certs!
• RadSec: RADIUS over TLS, providing mutual authentication between EXOS and the RADIUS server.
You’ll see how each layer uses cryptography for different purposes.
6. Authorization and accounting
We’ll also look at what happens after successful authentication:
• How RADIUS attributes or VSAs define roles, VLANs, and access control.
• How EXOS applies Extreme Policy profiles dynamically.
• Accounting logs and command audits for security visibility and compliance.
Why this workshop matters
802.1x and certificates – some of the most secure methods of authentication – but at the same time – quite complex and sometimes easy to misconfigure – leading to more issues than benefits.
With our workshop you’ll put all pieces together and be ready to strengthen your networks, by learning:
• How the switch, supplicant, and RADIUS server interact.
• How certificates enable identity and trust.
• How to troubleshoot authentication and revocation issues with precision.
You’ll leave with a deep and practical understanding of how AAA and PKI work in the real world, specifically within Extreme Networks EXOS environments.
Who should attend
• Network engineers and administrators managing EXOS or ExtremeControl environments.
• Security engineers responsible for certificate or RADIUS infrastructures.
• IT professionals preparing for network security certifications or NAC projects.
Ready to join?
If you’re ready to go beyond theory and see AAA, 802.1X, and PKI come to life on real EXOS switches, this workshop is for you.
Secure access starts with trust.