Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
12. Select + Add Row within the Authentication field to define the following Authentication Data Source rules for the RADIUS server policy:

    Precedence
        Use the spinner control to set the numeric precedence (priority) for this authentication data source rule. Rules with the lowest precedence value receive the highest priority. Set the value between 1 - 5000. This value is mandatory.
    SSID
        Enter or modify the SSID associated with the authentication data source rule. The maximum number of characters is 32. Do not use any of these characters (< > | " & \ ? ,).
    Source
        Use the drop-down menu to define the RADIUS data source for this authentication data source rule as Local or LDAP.
    Fallback
        Select this option to fall back from LDAP to the Local resource for RADIUS data authentication for this authentication data source rule.

13. If using LDAP as the default authentication source, select + Add Row to set LDAP Agent settings.

    When a user's credentials are stored on an external LDAP server, the controller or service platform’s local RADIUS server cannot successfully conduct PEAP-MSCHAPv2 authentication, since it is not aware of the user’s credentials maintained on the external LDAP server resource. Therefore, up to two LDAP agents can be defined locally so that authentication can be completed against the remote LDAP resource (using credentials maintained locally).

    Username
        Enter a 63 character maximum username for the LDAP server’s domain administrator. This is the username defined on the LDAP server for RADIUS authentication requests.
    Password
        Enter and confirm the 32 character maximum password (for the username provided above). The successful verification of the password maintained on the controller or service platform enables PEAP-MSCHAPv2 authentication using the remote LDAP server resource.
    Retry Timeout
        Set the number of Seconds (60 - 300) or Minutes (1 - 5) to wait between LDAP server access requests when attempting to join the remote LDAP server’s domain. The default setting is one minute.
    Redundancy
        Define the Primary or Secondary LDAP agent configuration used to connect to the LDAP server domain.
    Domain Name
        Enter the name of the domain (from 1 - 127 characters) to which the remote LDAP server resource belongs.

14. Set the following Session Resumption/Fast Reauthentication settings to define how server policy sessions that have terminated, and require cached data to resume, are re-established:

    Enable Session Resumption
        Select the checkbox to control the volume of cached data and how long it is maintained by the server policy upon the termination of a server policy session. The availability and quick retrieval of the cached data speeds up session resumption. This setting is disabled by default.
    Cached Entry Lifetime
        If enabling session resumption, use the spinner control to set the lifetime (1 - 24 hours) cached data is maintained by the RADIUS server policy. The default setting is 1 hour.
    Maximum Cache Entries
        If enabling session resumption, use the spinner control to define the maximum number of entries maintained in cache for this RADIUS server policy. The default setting is 128.

15. Select OK to save the settings to the server policy configuration. Select Reset to revert to the last saved configuration.
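
Added example (not from the Brocade manual and not the controller's own logic): a Python check that lints a planned set of Authentication Data Source rules against the Precedence, SSID, Source and Fallback limits described on this page, and reports which SSIDs can end up authenticated from the Local database once Fallback is taken into account. It assumes exact SSID matching and that only the lowest-numbered matching rule is consulted; `Rule`, `validate`, `effective_source`, `local_exposure` and the sample rules are constructed for illustration.

```python
from dataclasses import dataclass

FORBIDDEN_SSID_CHARS = set('<>|"&\\?,')   # characters the SSID field rejects

@dataclass(frozen=True)
class Rule:
    precedence: int
    ssid: str
    source: str            # "Local" or "LDAP"
    fallback: bool = False

def validate(rule):
    """Return the problems found against the documented field limits."""
    problems = []
    if not 1 <= rule.precedence <= 5000:
        problems.append("precedence must be 1-5000")
    if len(rule.ssid) > 32:
        problems.append("SSID longer than 32 characters")
    bad = sorted(FORBIDDEN_SSID_CHARS & set(rule.ssid))
    if bad:
        problems.append("SSID contains forbidden characters: " + " ".join(bad))
    if rule.source not in ("Local", "LDAP"):
        problems.append("source must be Local or LDAP")
    return problems

def effective_source(rules, ssid, ldap_reachable):
    """Assumed model: the valid rule with the lowest precedence number wins.
    Returns "Local", "LDAP", or None when no data source would answer."""
    candidates = [r for r in rules if r.ssid == ssid and not validate(r)]
    if not candidates:
        return None
    rule = min(candidates, key=lambda r: r.precedence)
    if rule.source == "LDAP" and not ldap_reachable:
        return "Local" if rule.fallback else None
    return rule.source

def local_exposure(rules):
    """SSIDs that the Local database can authenticate in at least one LDAP state."""
    return sorted(s for s in {r.ssid for r in rules}
                  if "Local" in (effective_source(rules, s, True),
                                 effective_source(rules, s, False)))

# Constructed planning sheet, not taken from the manual.
PLANNED = [
    Rule(10, "corp-wlan", "LDAP", fallback=True),
    Rule(20, "corp-wlan", "Local"),
    Rule(30, "lab-wlan", "LDAP"),
    Rule(40, "guest-wlan", "Local"),
    Rule(6000, "bad&ssid", "LDAP"),
]
```

An SSID listed by `local_exposure` depends on the strength of the Local user database as well as the LDAP directory, so both need to be covered in a credential review.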