beautypg.com

Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 1059

background image

1050

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

17

Specifies the RADIUS datasource used for user authentication. Options include local for the local
user database or LDAP for a remote LDAP resource.

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

Syntax:

authentication [data-source|eap-auth-type]

authentication data-source [ldap|local]

authentication data-source [ldap {fallack}|local] {(ssid precedence

<1-5000>)}

authentication eap-auth-type

[all|peap-gtc|peap-mschapv2|tls|ttls-md5|ttls-mschapv2|

ttls-pap]

Parameters

authentication data-source [ldap {fallback}|local] {(ssid precedence

<1-5000>)}

authentication eap-auth-type [all|peap-gtc|peap-mschapv2|tls|ttls-md5|

ttls-mschapv2|ttls-pap]

data-source

The RADIUS sever can either use the local database or an external LDAP server to authenticate a user. It is
necessary to specify the data source. The options are: LDAP and local.
NOTE: The default setting is local.

ldap fallback

Uses a remote LDAP server as the data source

fallback – Optional. Enables fallback to local authentication. This feature ensures that when the
configured LDAP data source is unreachable, the client is authenticated against the local RADIUS
resource. This option is disabled by default.

local

Uses the local user database to authenticate a user

ssid
precedence <1-5000>

The following keywords are recursive and common to both ‘ldap’ and ‘local’ parameters:

ssid – Optional. Associates the data source, selected in the previous step, with a SSID.

– Specify the SSID for this authentication data source. The SSID is case

sensitive and should not exceed 32 characters in length. Do not use any of the following
characters (< > | " & \ ? ,).

precedence – Sets the precedence for this authentication rule. The
precedence value allows systematic evaluation and application of rules. Rules with the lowest
precedence receive the highest priority.

<1-5000> – Specify a precedence from 1 -5000.

Specifying the SSID allows the RADIUS server to use the SSID attribute in access requests to determine the
data source to use. This option is applicable to onboard RADIUS servers only.

eap-auth-type

Uses Extensible Authentication Protocol (EAP), with this RADIUS server policy, for user authentication
The EAP authentication types supported by the local RADIUS server are: all, peap-gtc, peap-mschapv2, tls,
ttls-md5, ttls-mschapv2, ttls-pap.

all

Enables both TTLS and PEAP authentication

See also other documents in the category Brocade Computer Accessories: