beautypg.com

Configuring 802.1x eap authentication – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual

Page 208

background image

196

Brocade Mobility 7131 Access Point Product Reference Guide

53-1002517-01

6

6. Click the Apply button to return to the WLAN screen to save any changes made within the

Kerberos Configuration field of the New Security Policy screen.

7. Click the Cancel button to undo any changes made within the Kerberos Configuration field and

return to the WLAN screen. This reverts all settings for the Kerberos Configuration field to the
last saved configuration.

Configuring 802.1x EAP Authentication

The IEEE 802.1x standard ties the 802.1x EAP authentication protocol to both wired and wireless
LAN applications.

The EAP process begins when an unauthenticated supplicant (client device) tries to connect with
an authenticator (in this case, the authentication server). The Mobility 7131 Access Point passes
EAP packets from the client to an authentication server on the wired side of the Mobility 7131
Access Point. All other packet types are blocked until the authentication server (typically, a Radius
server) verifies the MU’s identity.

To configure 802.1x EAP authentication on the Mobility 7131 Access Point:

1. Select Network Configuration -> Wireless -> Security from the Mobility 7131 Access Point menu

tree.

If security policies supporting 802.1x EAP exist, they appear within the Security
Configuration screen. These existing policies can be used as is, or their properties edited
by clicking the Edit button. To configure a new security policy supporting 802.1x EAP,
continue to step 2.

2. Click the Create button to configure a new policy supporting 802.1x EAP.

The New Security Policy screen displays with no authentication or encryption options
selected.

3. Select the 802.1x EAP radio button.

The 802.1x EAP Settings field displays within the New Security Policy screen.

Realm Name

Specify a realm name that is case-sensitive, for example, BROCADE.COM. The realm name
is the name domain/realm name of the KDC Server. A realm name functions similarly to a
DNS domain name. In theory, the realm name is arbitrary. However, in practice a Kerberos
realm is named by uppercasing the DNS domain name that is associated with hosts in the
realm.

Primary KDC

Specify a numerical (non-DNS) IP address and port for the primary Key Distribution Center
(KDC). The KDC implements an Authentication Service and a Ticket Granting Service,
whereby an authorized user is granted a ticket encrypted with the user's password. The
KDC has a copy of every user password.

Backup KDC

Optionally, specify a numerical (non-DNS) IP address and port for a backup KDC. Backup
KDCs are referred to as slave servers. The slave server periodically synchronizes its
database with the primary (or master) KDC.

Remote KDC

Optionally, specify a numerical (non-DNS) IP address and port for a remote KDC. Kerberos
implementations can use an administration server allowing remote manipulation of the
Kerberos database. This administration server usually runs on the KDC.

Port

Specify the ports on which the Primary, Backup and Remote KDCs reside. The default port
number for Kerberos Key Distribution Centers is Port 88.

See also other documents in the category Brocade Computer Accessories: