Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003098-01

When a user's credentials are stored on an external LDAP server, the local RADIUS server cannot
complete PEAP-MSCHAPv2 authentication, because it has no knowledge of the credentials held on
that server. To address this, up to two LDAP agents can be configured locally so that
authentication succeeds against the remote LDAP resource (using credentials maintained locally).

This feature is available on all controller, service platform, and access point models, with the
exception of the Brocade Mobility 6511 Access Point running in standalone AP or virtual controller AP
mode. However, it is supported on dependent-mode Brocade Mobility 6511 Access Points when they
are adopted and managed by a controller or service platform.

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

Syntax:

ldap-agent [join|join-retry-timeout|primary|secondary]

ldap-agent [join {on }|join-retry-timeout <60-300>]

ldap-agent [primary|secondary] domain-name domain-admin-user domain-admin-password [0 |2 ]

Parameters

ldap-agent [join {on }|join-retry-timeout <60-300>]

ldap-agent [primary|secondary] domain-name domain-admin-user domain-admin-password [0 |2 ]

ldap-agent

Configures the LDAP agent’s settings

join {on }

Initiates the join process, which binds the RADIUS server with the LDAP server’s (Windows) domain. When
successful, the hostname (name of the AP, wireless controller, or service platform) is added to the LDAP
server’s Active Directory.

on – Optional. Specifies the device name

– Specify the name of the AP, wireless controller, or service platform.

To confirm the join status of a controller, use the show > ldap-agent > join-status command.

join-retry-timeout <60-300>

If the join process fails (that is, the RADIUS server fails to join the LDAP server’s domain), the process is retried
after a specified interval. This command configures the interval (in seconds) between two successive join
attempts.

<60-300> – Set the timeout value from 60 - 300 seconds. The default is 60 seconds.

A retry timer is initiated as soon as the join process starts, which tracks the time lapse in case of a failure.

ldap-agent

Configures the LDAP agent’s settings

primary

Configures the primary LDAP server details, such as domain name, user name, and password. The RADIUS
server uses these credentials to bind with the primary LDAP server.

secondary

Configures the secondary LDAP server details, such as domain name, user name, and password. The
RADIUS server uses these credentials to bind with the secondary LDAP server.
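
The following is an added example, not part of the Brocade guide: a Python check that audits ldap-agent lines in an exported configuration against the constraints listed above (primary and secondary agents only, join-retry-timeout of 60-300 seconds, password type 0 or 2). The argument order, single-token argument values, the sample lines, and the reading of type 0 as clear text and type 2 as encrypted are assumptions; this page does not state them.

```python
import re

# Constructed sample lines (not from the guide); all argument values are placeholders.
SAMPLE_CONFIG = """\
ldap-agent primary domain-name corp.example domain-admin-user svc-radius domain-admin-password 0 ExamplePass1
ldap-agent secondary domain-name corp.example domain-admin-user svc-radius domain-admin-password 2 EXAMPLE-ENCRYPTED
ldap-agent join-retry-timeout 30
ldap-agent tertiary domain-name corp.example domain-admin-user svc-radius domain-admin-password 2 EXAMPLE-ENCRYPTED
"""

# Assumed argument order: it follows the keyword order in the syntax above.
AGENT_RE = re.compile(
    r"ldap-agent\s+(?P<role>\S+)\s+domain-name\s+\S+\s+"
    r"domain-admin-user\s+\S+\s+domain-admin-password\s+(?P<ptype>\S+)\s+\S+"
)
TIMEOUT_RE = re.compile(r"ldap-agent\s+join-retry-timeout\s+(?P<secs>\d+)")
JOIN_RE = re.compile(r"ldap-agent\s+join(\s+on\s+\S+)?")


def audit_ldap_agent(config_text):
    """Return (line_number, finding) tuples for the ldap-agent lines in config_text."""
    findings, seen_roles = [], set()
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("ldap-agent"):
            continue
        timeout = TIMEOUT_RE.fullmatch(line)
        agent = AGENT_RE.fullmatch(line)
        if timeout:
            if not 60 <= int(timeout["secs"]) <= 300:
                findings.append((n, "join-retry-timeout outside 60-300 seconds"))
        elif agent:
            role, ptype = agent["role"], agent["ptype"]
            if role not in ("primary", "secondary"):
                findings.append((n, f"unknown agent role {role!r}"))
            elif role in seen_roles:
                findings.append((n, f"duplicate {role} agent"))
            seen_roles.add(role)
            if ptype == "0":
                # Assumption: type 0 is clear text, type 2 is encrypted.
                findings.append((n, "domain admin password stored as type 0"))
            elif ptype != "2":
                findings.append((n, f"invalid password type {ptype!r}"))
        elif not JOIN_RE.fullmatch(line):
            findings.append((n, "unrecognized ldap-agent syntax"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_ldap_agent(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```
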