Aaa policy – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
Retry Count
Use the spinner control to define how many retransmission attempts are made before a target tunnel peer is declared unreachable. The available range is 1 to 10, with a default value of 5.
Retry Time Out
Use the spinner control to define the interval (in seconds) before an L2TP V3 signaling message is retransmitted. The available range is 1 to 250, with a default value of 5.
Rx Window Size
Specify the number of packets that can be received without sending an acknowledgement. The available range is 1 to 15, with a default setting of 10.
Tx Window Size
Specify the number of packets that can be transmitted without receiving an acknowledgement. The available range is 1 to 15, with a default setting of 10.
Failover Delay
Set the time, in seconds (5 to 60) or minutes (1), to wait before establishing a tunnel after a failover (VRRP, RF Domain or cluster). The default setting is 5 seconds.
Force L2 Path Recovery
Determine whether force L2 path recovery is enabled or disabled. Once a tunnel is established, enabling this setting forces server and gateway learning behind the L2TPv3 tunnel. The default setting is disabled.
Select OK to save the updates to the L2TP V3 policy. Select Reset to revert to the last saved configuration.
AAA Policy
Authentication, Authorization, and Accounting (AAA) provides the mechanism by which network administrators define access control within the network.
Controllers, service platforms and Access Points can interoperate with external RADIUS and LDAP servers (AAA servers) to provide user database information and user authentication data. Each WLAN can maintain its own unique AAA configuration.
AAA provides a modular way of performing the following services:
Authentication — Authentication provides a means of identifying users, including login and password dialog, challenge and response, messaging support and (depending on the security protocol) encryption. Authentication is the technique by which a user is identified before being allowed access to the network. Configure AAA authentication by defining a list of authentication methods, and then applying the list to the relevant interfaces. The list defines the authentication schemes to perform and the order in which they are tried. The list must be applied to an interface before the defined authentication technique is used on it.
Authorization — Authorization occurs immediately after authentication. Authorization is a method of remote access control, including authorization for services and for individual user accounts and profiles. Authorization works by assembling a set of attributes describing what the user is permitted to do. These attributes are compared against the information held for that user in a database, and the result is returned to AAA to determine the user's actual capabilities and restrictions. The database can be local or hosted remotely on a RADIUS server. Remote RADIUS servers authorize users by associating attribute-value (AV) pairs with the appropriate user. Each authorization method must be defined through AAA. When AAA authorization is enabled, it is applied equally to all interfaces.
Accounting — Accounting is the method of collecting and sending security-server information used for billing, auditing and reporting on user activity, such as session start and stop times, the session protocol used (such as PPP), and the number of packets and bytes transferred. Accounting enables wireless network administrators to track the services users access and the network resources they consume. When accounting is enabled, the network access server reports user activity to a
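The three stages described in the AAA Policy section above, shown as one RADIUS exchange between a NAS (the controller or AP) and the AAA server: an Access-Request answered by an Access-Accept that carries an authorization AV pair (a VLAN assignment), followed by Accounting-Request Start and Stop records. This is an added illustration, not code from the guide or from Brocade's software; the shared secret, the user database with its VLAN, the NAS identifier and the session values are constructed assumptions. It also shows the two checks a practitioner wants here: the NAS trusts an Access-Accept and its AV pairs only after verifying the Response Authenticator under its own shared secret, and the server discards an Accounting-Request whose authenticator does not verify.

```python
"""RADIUS AAA exchange between a NAS (controller or AP) and an AAA server: Access-Request/
Access-Accept carrying authorization AV pairs, then Accounting-Request Start/Stop.  Packet layout,
User-Password hiding and authenticators follow RFC 2865/2866.  Added illustration, not code from
the guide; the secret, user database and NAS identifier are constructed sample values."""
import hashlib
import hmac
import os
import struct

SECRET = b"constructed-shared-secret"  # assumed secret configured on the AAA server
USERS = {"alice": {"password": b"s3cret!", "vlan": b"20"}}  # constructed user database
ACCT_LOG = []  # accounting records kept by the server
# Packet codes and attribute types (RFC 2865, RFC 2866, RFC 2868)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCT_REQUEST, ACCT_RESPONSE = 1, 2, 3, 4, 5
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32
ACCT_STATUS_TYPE, ACCT_INPUT_OCTETS, ACCT_SESSION_ID, TUNNEL_PRIVATE_GROUP_ID = 40, 42, 44, 81
ACCT_START, ACCT_STOP = 1, 2
ZERO_AUTH = b"\x00" * 16

def pack(code, ident, authenticator, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def unpack(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, i = [], 20
    while i < length:
        t, alen = struct.unpack("!BB", pkt[i:i + 2])
        attrs.append((t, pkt[i + 2:i + alen]))
        i += alen
    return code, ident, pkt[4:20], attrs

def sign(pkt, base_auth, secret):
    """Replace the authenticator with MD5(Code+ID+Length+base_auth+Attributes+Secret): the Response
    Authenticator when base_auth is the request's authenticator, the Accounting-Request
    authenticator when it is 16 zero octets (RFC 2865 s3, RFC 2866 s3)."""
    return pkt[:4] + hashlib.md5(pkt[:4] + base_auth + pkt[20:] + secret).digest() + pkt[20:]

def verify(pkt, base_auth, secret):
    return hmac.compare_digest(sign(pkt, base_auth, secret), pkt)

def hide_password(password, req_auth, secret):
    """RFC 2865 s5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def unhide_password(hidden, req_auth, secret):
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def server_handle(pkt):
    """AAA server: authenticate, answer with authorization AV pairs, record accounting."""
    code, ident, req_auth, attrs = unpack(pkt)
    a = dict(attrs)
    if code == ACCESS_REQUEST:
        rec = USERS.get(a.get(USER_NAME, b"").decode(errors="replace"))
        given = unhide_password(a.get(USER_PASSWORD, b""), req_auth, SECRET)
        if rec and hmac.compare_digest(rec["password"], given):
            rcode, reply = ACCESS_ACCEPT, [(TUNNEL_PRIVATE_GROUP_ID, rec["vlan"])]  # authorization AV pair
        else:
            rcode, reply = ACCESS_REJECT, []
    elif code == ACCT_REQUEST and verify(pkt, ZERO_AUTH, SECRET):  # unverifiable requests are discarded
        ACCT_LOG.append((a[ACCT_SESSION_ID].decode(), struct.unpack("!I", a[ACCT_STATUS_TYPE])[0],
                         struct.unpack("!I", a[ACCT_INPUT_OCTETS])[0]))
        rcode, reply = ACCT_RESPONSE, []
    else:
        return None
    return sign(pack(rcode, ident, ZERO_AUTH, reply), req_auth, SECRET)

def nas_exchange(pkt, secret):
    """NAS: trust a reply and its AV pairs only if the ID matches and its authenticator verifies."""
    resp = server_handle(pkt)
    if resp is None or resp[1:2] != pkt[1:2] or not verify(resp, pkt[4:20], secret):
        return None, {}
    rcode, _, _, rattrs = unpack(resp)
    return rcode, dict(rattrs)

def nas_authenticate(user, password, ident=1, secret=SECRET):
    req_auth = os.urandom(16)  # fresh, unpredictable Request Authenticator per request
    attrs = [(USER_NAME, user.encode()), (USER_PASSWORD, hide_password(password, req_auth, secret)),
             (NAS_IDENTIFIER, b"constructed-nas")]
    rcode, rattrs = nas_exchange(pack(ACCESS_REQUEST, ident, req_auth, attrs), secret)
    accepted = rcode == ACCESS_ACCEPT
    return {"verified": rcode is not None, "accepted": accepted,
            "vlan": rattrs[TUNNEL_PRIVATE_GROUP_ID].decode() if accepted else None}

def nas_account(session_id, status, octets, ident, secret=SECRET):
    attrs = [(ACCT_STATUS_TYPE, struct.pack("!I", status)), (ACCT_SESSION_ID, session_id.encode()),
             (ACCT_INPUT_OCTETS, struct.pack("!I", octets))]
    rcode, _ = nas_exchange(sign(pack(ACCT_REQUEST, ident, ZERO_AUTH, attrs), ZERO_AUTH, secret), secret)
    return rcode == ACCT_RESPONSE
```

Importing the module only defines the two sides; nas_authenticate("alice", b"s3cret!") returns an accept carrying the VLAN AV pair, the same call with secret=b"mismatch" shows the NAS refusing a reply it cannot verify (so a server with the wrong secret, or a forged reply, cannot hand out authorization attributes), and a nas_account Start/Stop pair populates ACCT_LOG with the session, status and octet count. The User-Password hiding is only as strong as the shared secret, so a long random secret per NAS and a protected path to the RADIUS server are what actually keep credentials private.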