Aaa tacacs policy – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
16. Set the following RADIUS Address Format settings:
17. Set the Server Pooling Mode:
18. Set the following EAP Wireless Client Settings:
19. Set the Access Request Attributes:
20. Select OK to save the updates to the AAA configuration. Select Reset to revert to the last saved
configuration.
AAA TACACS Policy
Terminal Access Controller Access-Control System+ (TACACS) is a protocol created by Cisco
Systems which provides access control to network devices (routers, network access servers and
other networked computing devices) using one or more centralized servers. TACACS controls user
access to devices and network resources while providing separate authentication, authorization,
and accounting services running on different servers. Some of the services provided by TACACS
are:
• Authorizing each command with the TACACS server before execution
• Accounting for each session’s logon and logoff events
• Authenticating each user with the TACACS server before enabling access to network resources
RADIUS Address Format settings (step 16):
Format: Select the format of the MAC address used in the RADIUS accounting packets.
Case: Lists whether the MAC address is sent using uppercase or lowercase characters. The default setting is uppercase.
Attributes: Lists whether the format specified applies only to the username/password in mac-auth or to all attributes that include a MAC address, such as calling-station-id or called-station-id.

Server Pooling Mode (step 17):
Server Pooling Mode: Controls how requests are transmitted across RADIUS servers. Failover implies traversing the list of servers if any server is unresponsive. Load Balanced means using all servers in a round-robin fashion. The default setting is Failover.

EAP Wireless Client Settings (step 18):
Client Attempts: Defines the number of times (1 - 10) an EAP request is transmitted to a client before giving up. The default setting is 3.
Request Timeout: Set the amount of time after which an EAP request to a client is retried. The default setting is 3 seconds.
ID Request Timeout: Define the amount of time (1 - 60 seconds) after which an EAP ID Request to a client is retried. The default setting is 30 seconds.
Retransmission Scale Factor: Set the scaling of the retransmission attempts. Timeout at each attempt is a function of the request timeout factor and client attempts number. 100 (default setting) implies a constant timeout at each retry; smaller values indicate more aggressive (shorter) timeouts, larger numbers set more conservative (longer) timeouts on each successive attempt.

Access Request Attributes (step 19):
Cisco VSA Audit Session Id: Set a vendor specific attribute (VSA) to allow Cisco’s Identity Services Engine (ISE) to validate a requesting client’s network compliance, such as the validity of virus definition files (antivirus software or definition files for an anti-spyware software application). This setting is disabled by default.
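
The two Server Pooling Mode behaviours described for the RADIUS settings (Failover traverses the server list when a server is unresponsive; Load Balanced uses all servers round-robin) are modelled below in an added Python example; it is not taken from the Brocade guide or the controller's code. The server names, the set of unresponsive servers, and the choice to skip an unresponsive server in Load Balanced mode are assumptions.

```python
from collections import Counter

# Constructed sample data (assumption, not from the guide).
SERVERS = ["radius-1", "radius-2", "radius-3"]


def failover(servers, down):
    """Failover: always start at the head of the list and traverse it
    until a responsive server is found."""
    for server in servers:
        if server not in down:
            return server
    return None  # every server is unresponsive


def load_balanced(servers, down, start):
    """Load Balanced: begin at the round-robin position `start`.
    Assumption: an unresponsive server is skipped for the next one."""
    for offset in range(len(servers)):
        server = servers[(start + offset) % len(servers)]
        if server not in down:
            return server
    return None  # every server is unresponsive


def distribute(mode, servers, down, requests):
    """Return how many of `requests` requests each server handled."""
    handled = Counter()
    for i in range(requests):
        if mode == "failover":
            server = failover(servers, down)
        else:
            server = load_balanced(servers, down, start=i)
        handled[server] += 1
    return dict(handled)


if __name__ == "__main__":
    # Compare both modes with all servers up, then with the first one down.
    for down in (set(), {"radius-1"}):
        for mode in ("failover", "load-balanced"):
            print(mode, "down:", sorted(down),
                  distribute(mode, SERVERS, down, 6))
```

With the first server unreachable, Failover sends every request to the second server, while this Load Balanced model hands the skipped server's share to its successor in the list.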