Configuring an external RADIUS server for optimal switch support – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
53-1001944-01
Viewing and configuring switch WLANs
NOTE
The RADIUS or NAC server’s Timeout and Retries should be less than what is defined for an MU’s
timeout and retries. If the MU’s time is less than the server’s, a fall back to the secondary server will
not work.
7. Refer to the Accounting field and define the following credentials for a primary and secondary
RADIUS Server.

Accounting Server Address
    Enter the IP address of the primary and secondary server acting as the RADIUS
    accounting server.
Accounting Port
    Enter the TCP/IP port number for the primary and secondary server acting as the
    RADIUS accounting data source. The default port is 1813.
Accounting Shared Secret
    Provide a shared secret (password) for user credential authentication with the
    primary or secondary RADIUS accounting server.
Accounting Timeout
    Enter a value (between 1 and 300 seconds) to indicate the number of elapsed
    seconds causing the switch to time out a request to the primary or secondary
    accounting server.
Accounting Retries
    Enter a value between 1 and 100 to indicate the number of times the switch
    attempts to reach the primary or secondary RADIUS accounting server before
    giving up.
Accounting Mode
    Use the Accounting Mode drop-down menu to define the accounting mode as
    either Start-Stop, Stop Only or Start-Interim-Stop. Define the interval (in seconds)
    used with the selected accounting mode.

8. Select the Re-authentication checkbox to force a periodic re-authentication with the RADIUS
server. Periodic repetition of the authentication process provides ongoing security for currently
authorized connections. Define an interval between 30 and 65535 seconds.
9. Refer to the Advanced field to define the authentication protocol used with the RADIUS Server.

PAP
    PAP - Password Authentication Protocol sends a username and password over a
    network to a server that compares the username and password to a table of
    authorized users. If the username and password are matched in the table, server
    access is authorized.
CHAP
    CHAP is an encrypted authentication method based on Microsoft's
    challenge/response authentication protocol.
DSCP/TOS
    Optionally mark packets with a DiffServ CodePoint (DSCP) in the header. The DSCP
    value is stored in the first 6 bits of the Type of Service (ToS) field that is part of the
    standard IP header. The DSCP values are associated with a forwarding treatment
    called Per Hop Behaviors (PHB). Service can be provisioned (if necessary) by
    assigning a DSCP point code from 1 - 6.

10. Click OK to save the changes made to this screen.
11. Click Cancel to revert to the last saved configuration and move back to the
Network > Wireless LANs > Edit screen.

Configuring an external RADIUS Server for optimal switch support
The switch’s external RADIUS Server should be configured with Brocade Mobility RFS7000-GR
Controller specific attributes to best utilize the user privilege values assignable by the RADIUS
Server. The following two values should be configured on the external Server for optimal use with
the switch:
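
Added example (not part of the Brocade guide): a Python check of the values entered in steps 7 to 9 against the limits stated there, plus the NOTE's rule that the server's Timeout and Retries must be less than the MU's. The WlanRadius class, its field names and the sample values are assumptions made for illustration, and the NOTE is read as applying to timeout and retries individually.

```python
from dataclasses import dataclass
from typing import Optional

ACCOUNTING_MODES = {"Start-Stop", "Stop Only", "Start-Interim-Stop"}
AUTH_PROTOCOLS = {"PAP", "CHAP"}

@dataclass
class WlanRadius:                  # hypothetical container, not a switch data structure
    server_timeout: int            # RADIUS/NAC server Timeout, seconds
    server_retries: int            # RADIUS/NAC server Retries
    mu_timeout: int                # MU timeout, seconds
    mu_retries: int                # MU retries
    acct_timeout: int
    acct_retries: int
    acct_mode: str
    reauth_interval: Optional[int] = None   # None: Re-authentication unchecked
    auth_protocol: str = "PAP"
    dscp: Optional[int] = None              # None: packets not marked

def lint(c: WlanRadius) -> list:
    """Return findings; an empty list means every value fits the guide's limits."""
    out = []
    def in_range(name, value, lo, hi):
        if value is not None and not lo <= value <= hi:
            out.append(f"{name}={value} outside {lo}-{hi}")
    # NOTE before step 7: server values must be less than the MU's, otherwise
    # the fall back to the secondary server will not work.
    if c.server_timeout >= c.mu_timeout:
        out.append("server timeout >= MU timeout: secondary fallback will not work")
    if c.server_retries >= c.mu_retries:
        out.append("server retries >= MU retries: secondary fallback will not work")
    in_range("acct_timeout", c.acct_timeout, 1, 300)
    in_range("acct_retries", c.acct_retries, 1, 100)
    in_range("reauth_interval", c.reauth_interval, 30, 65535)
    in_range("dscp", c.dscp, 1, 6)
    if c.acct_mode not in ACCOUNTING_MODES:
        out.append(f"acct_mode={c.acct_mode!r} not one of {sorted(ACCOUNTING_MODES)}")
    if c.auth_protocol not in AUTH_PROTOCOLS:
        out.append(f"auth_protocol={c.auth_protocol!r} not PAP or CHAP")
    return out

# Constructed sample values, not taken from any real deployment.
GOOD = WlanRadius(5, 3, 10, 5, acct_timeout=5, acct_retries=3,
                  acct_mode="Start-Stop", reauth_interval=3600, dscp=3)
BAD = WlanRadius(10, 3, 10, 5, acct_timeout=0, acct_retries=3,
                 acct_mode="Interim", reauth_interval=10, auth_protocol="CHAP")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint(cfg) or "ok")
```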