beautypg.com

Setting the radius configuration, Creating radius groups – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


Setting the RADIUS Configuration

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software
enabling remote access servers to authenticate users and authorize their access. RADIUS is a
distributed client/server system that secures networks against unauthorized access. RADIUS
clients send authentication requests to the local RADIUS server containing user authentication and
network service access information.

RADIUS enables centralized management of authentication data (usernames and passwords).
When a client attempts to associate to the RADIUS-supported controller or service platform,
authentication requests are sent to the RADIUS server. Authentication and encryption take place
through the use of a shared secret password (not transmitted over the network).

The local RADIUS server stores the user database locally and can optionally use a remote user
database. It ensures higher accounting performance, allows the configuration of multiple users,
and supports assigning policies for group authorization.

The local enforcement of user-based policies is configurable. User policies include dynamic VLAN
assignment and access restrictions based on time of day. A certificate is required for EAP
TTLS, PEAP and TLS RADIUS authentication (configured with the RADIUS service).

Dynamic VLAN assignment is achieved based on the RADIUS server response. A user who
associates to WLAN1 (mapped to VLAN1) can be assigned a different VLAN after authentication
with the RADIUS server. This dynamic VLAN assignment overrides the WLAN's VLAN ID to which the
user associates.

To view RADIUS configurations:

1. Select the Configuration tab from the main menu.

2. Select the Services tab from the Configuration menu.

The upper left-hand pane of the user interface displays the RADIUS option. The
RADIUS Group screen displays (by default).

For information on creating the groups, user pools and server policies needed to validate
user credentials against a server policy configuration, refer to the following:

Creating RADIUS Groups

Defining User Pools

Configuring RADIUS Server Policies

RADIUS Deployment Considerations

Creating RADIUS Groups

The RADIUS server allows the configuration of user groups with common user policies. User group
names and associated users are stored in a local database. The user ID in the received access
request is mapped to the specified group for authentication. RADIUS groups allow the
enforcement of the following policies managing user access:

Assign a VLAN to the user upon successful authentication

Define a start and end time (in HH:MM) when the user is allowed to authenticate

Define the list of SSIDs to which a user belonging to this group is allowed to associate

Define the days of the week the user is allowed to log in
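
The following added example (not part of the Brocade guide and not the controller's own code) models how the four group policies above combine with the dynamic VLAN override described earlier. The class names, field names, reason strings, and the same-day inclusive time window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class RadiusGroup:             # hypothetical model; field names are assumptions
    name: str
    vlan: Optional[int]        # None = no override, keep the WLAN's own VLAN
    ssids: frozenset           # SSIDs group members may associate to
    days: frozenset            # allowed weekdays, 0 = Monday ... 6 = Sunday
    start: time                # start of the allowed window (HH:MM)
    end: time                  # end of the allowed window (HH:MM)

@dataclass(frozen=True)
class Decision:
    accept: bool
    vlan: Optional[int]        # VLAN the session is placed in when accepted
    reason: str

def evaluate(group, ssid, when, wlan_vlan):
    """Apply a group's access policies to a user whose credentials already verified."""
    # Every check fails closed: any policy miss rejects before a VLAN is chosen.
    if ssid not in group.ssids:
        return Decision(False, None, "ssid-not-allowed")
    if when.weekday() not in group.days:
        return Decision(False, None, "day-not-allowed")
    # Assumption: the window lies within one day and both ends are inclusive,
    # compared at HH:MM resolution as in the policy definition.
    hhmm = when.time().replace(second=0, microsecond=0)
    if not (group.start <= hhmm <= group.end):
        return Decision(False, None, "outside-time-window")
    # The group VLAN, when set, overrides the VLAN mapped to the WLAN.
    vlan = group.vlan if group.vlan is not None else wlan_vlan
    return Decision(True, vlan, "ok")

# Constructed sample groups (not taken from any real deployment)
STAFF = RadiusGroup("staff", 20, frozenset({"corp-wlan"}),
                    frozenset(range(5)), time(8, 0), time(18, 0))
GUEST = RadiusGroup("guest", None, frozenset({"guest-wlan"}),
                    frozenset(range(7)), time(0, 0), time(23, 59))

if __name__ == "__main__":
    monday = datetime(2024, 1, 8, 10, 30)      # constructed timestamp (a Monday)
    print(evaluate(STAFF, "corp-wlan", monday, wlan_vlan=1))
    print(evaluate(STAFF, "guest-wlan", monday, wlan_vlan=1))
    print(evaluate(GUEST, "guest-wlan", monday, wlan_vlan=1))
```

Auditing a group with a model like this makes overly broad combinations visible, for example a group whose SSID list or time window admits more than its VLAN assignment was meant to cover.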