Profile management configuration – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
Either select an existing captive portal policy or select the Create button to create a new
captive portal configuration that can be applied to this profile. Existing policies can be modified
by selecting the Edit icon. For more information, see Setting the DHCP Configuration.
7. Use the RADIUS Server Policy drop-down menu to select an existing RADIUS server policy to
use as a user validation security mechanism with this profile.
A profile can have its own unique RADIUS server policy to authenticate users and authorize
access to the network. A profile’s RADIUS policy provides the centralized management of
controller or service platform authentication data (usernames and passwords). When a client
attempts to associate, an authentication request is sent to the RADIUS server.
If an existing RADIUS server policy does not meet your requirements, select the Create button
to create a new policy configuration that can be applied to this profile. Existing policies can be
modified by selecting the Edit icon. For more information, see Setting the RADIUS Configuration.
8. Select OK to save the changes made to the profile’s services configuration. Select Reset to
revert to the last saved configuration.
Profile Services Configuration and Deployment Considerations
Profile Services Configuration
Before defining a profile’s captive portal, DHCP and RADIUS services configuration, refer to the
following deployment guidelines to ensure the profile configuration is optimally effective:
• A profile plan should consider the number of wireless clients allowed on the captive portal and
the services provided, or if the profile should support captive portal access at all.
• Profile configurations supporting a captive portal should include firewall policies to ensure
logical separation is provided between guest and internal networks so internal networks and
hosts are not reachable from captive portals.
• DHCP’s lack of an authentication mechanism means a DHCP server supported profile cannot
check if a client or user is authorized to use a given user class. This introduces a vulnerability
when using user class options. Ensure a profile using an internal DHCP resource is also
provisioned with a strong user authorization and validation configuration.
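The DHCP guideline above, as an added example (not from the Brocade guide or the controller's own code): a toy pool-selection policy that trusts the client-supplied user class (DHCP option 77, RFC 3004) beside one that honors it only for an authenticated session. The pool names, MAC addresses, session table and function names are constructed assumptions.

```python
# Added example: DHCP option 77 (User Class, RFC 3004) is asserted by the client.
# All names, pools and addresses below are constructed for illustration.

USER_CLASS = 77

def parse_options(raw: bytes) -> dict:
    """Parse a DHCP options field (code, length, value) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def user_classes(opts: dict) -> list:
    """Split option 77 into its length-prefixed user class instances."""
    data, out, i = opts.get(USER_CLASS, b""), [], 0
    while i < len(data):
        n = data[i]
        item = data[i + 1:i + 1 + n]
        if n == 0 or len(item) != n:
            raise ValueError("malformed user class data")
        out.append(item.decode("ascii", "replace"))
        i += 1 + n
    return out

def pool_trusting(opts):
    """Weak policy: the claimed class alone selects the address pool."""
    return "staff-pool" if "staff" in user_classes(opts) else "guest-pool"

def pool_validated(opts, mac, authenticated):
    """Hardened policy: honor a class only if an authenticated session
    (e.g. from the profile's RADIUS policy) authorizes it for this MAC."""
    allowed = authenticated.get(mac, set())
    granted = [c for c in user_classes(opts) if c in allowed]
    return "staff-pool" if "staff" in granted else "guest-pool"

# Constructed options field: message type DISCOVER, user class "staff", End.
SAMPLE = bytes([53, 1, 1, 77, 6, 5]) + b"staff" + bytes([255])
# Constructed session table: only this MAC authenticated as staff.
SESSIONS = {"00:11:22:33:44:55": {"staff"}}
```

With the same options field, the trusting policy assigns the staff pool to any sender, while the validated policy falls back to the guest pool for a MAC with no authenticated staff session.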
Profile Management Configuration
Controllers and service platforms have mechanisms to allow/deny management access to the
network for separate interfaces and protocols (HTTP, HTTPS, Telnet, SSH or SNMP). These
management access configurations can be applied strategically to profiles as resource
permissions dictate.
Additionally, an administrator can define a profile with unique configuration file and device
firmware upgrade support. In a clustered environment, these operations can be performed on one
controller or service platform, then propagated to each member of the cluster and onwards to the
devices managed by each cluster member.
To define a profile’s management configuration:
1. Select the Configuration tab from the Web UI.
2. Select Profiles from the Configuration tab.