
Radius-policy, Radius-group, Chapter 17 – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual



53-1003098-01

Chapter 17

RADIUS-POLICY

This chapter summarizes the RADIUS group, server, and user policy commands in the CLI
command structure.

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that
enables remote access servers to authenticate users and authorize their access to the network.
RADIUS is a distributed client/server system that secures networks against unauthorized access.
RADIUS clients send authentication requests to the local RADIUS server containing user
authentication and network service access information.

RADIUS enables centralized management of authentication data (usernames and passwords).
When a client attempts to associate to a network, the authentication request is sent to the local
RADIUS server. The authentication and encryption of communications take place through the use
of a shared secret password (not transmitted over the network).

The local RADIUS server stores the user database locally, and can optionally use a remote user
database. It ensures higher accounting performance. It allows the configuration of multiple users,
and assigns policies for group authorization.

Controllers and access points allow enforcement of user-based policies. User policies include
dynamic VLAN assignment and access based on time of day. A certificate is required for EAP
TTLS, PEAP, and TLS RADIUS authentication (configured with the RADIUS service).

Dynamic VLAN assignment is achieved based on the RADIUS server response. A user who
associates to WLAN1 (mapped to VLAN1) can be assigned a different VLAN after RADIUS server
authentication. This dynamic VLAN assignment overrides the WLAN's VLAN ID to which the user
associates.

The chapter is organized into the following sections:

radius-group

radius-server-policy

radius-user-pool-policy

radius-group


This section describes RADIUS user group configuration commands.

The local RADIUS server allows the configuration of user groups with common user policies. User
group names and associated users are stored in the local database. The user ID in the received
access request is mapped to the associated wireless group for authentication. The configuration of
groups allows enforcement of the following policies that control user access:

Assign a VLAN to the user upon successful authentication

Define start and end of time (HH:MM) when the user is allowed to authenticate

Define the SSID list to which a user, belonging to this group, is allowed to associate
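
The following sketch is an added example, not code from the guide or from the controller. It models how the three group policies listed above combine with the dynamic VLAN override described earlier in the chapter. All names, the sample groups and users, the treatment of an empty SSID list as unrestricted, and the handling of a time window that crosses midnight are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Optional

@dataclass
class RadiusGroup:
    """Constructed model of a RADIUS user group (field names are hypothetical)."""
    name: str
    vlan: Optional[int] = None      # VLAN assigned on successful authentication
    start: Optional[time] = None    # start of the allowed window (HH:MM)
    end: Optional[time] = None      # end of the allowed window (HH:MM)
    ssids: frozenset = field(default_factory=frozenset)  # empty = unrestricted (assumption)

def in_window(now: time, start: Optional[time], end: Optional[time]) -> bool:
    if start is None or end is None:
        return True                      # no time policy configured
    if start <= end:
        return start <= now <= end       # same-day window
    return now >= start or now <= end    # window wraps past midnight (assumption)

def authorize(group: RadiusGroup, ssid: str, now: time, wlan_vlan: int):
    """Apply group policy to a user whose credentials were already accepted."""
    if group.ssids and ssid not in group.ssids:
        return (False, None, "ssid-not-permitted")
    if not in_window(now, group.start, group.end):
        return (False, None, "outside-time-window")
    # A group VLAN overrides the VLAN ID of the WLAN the user associated to.
    vlan = group.vlan if group.vlan is not None else wlan_vlan
    return (True, vlan, "ok")

# Constructed sample data: group names, users, SSIDs and VLAN IDs are made up.
GROUPS = {
    "staff": RadiusGroup("staff", vlan=20, start=time(8, 0), end=time(18, 0)),
    "night": RadiusGroup("night", vlan=30, start=time(22, 0), end=time(6, 0)),
    "guest": RadiusGroup("guest", ssids=frozenset({"GUEST"})),
}
USERS = {"alice": "staff", "bob": "night", "carol": "guest"}

def handle_request(user: str, ssid: str, now: time, wlan_vlan: int):
    """Map the user ID in the access request to its group, then apply policy."""
    group_name = USERS.get(user)
    if group_name is None:
        return (False, None, "unknown-user")
    return authorize(GROUPS[group_name], ssid, now, wlan_vlan)

if __name__ == "__main__":
    for req in [("alice", "WLAN1", time(10, 0), 1), ("alice", "WLAN1", time(19, 0), 1),
                ("bob", "WLAN1", time(23, 30), 1), ("carol", "WLAN1", time(10, 0), 1)]:
        print(req[0], req[1], req[2].strftime("%H:%M"), "->", handle_request(*req))
```
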