Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual

53-1002517-01

7. Select the Accounting tab as required to define a timeout period, retry interval and Syslog
settings for MUs interoperating with the Mobility 7131 Access Point and EAP authentication server.
The items within this tab could be enabled or disabled depending on whether Internal or External
has been selected from the Radius Server drop-down menu.

8. Select the Reauthentication tab as required to define authentication connection policies,
intervals and maximum retries. The items within this tab are identical regardless of whether
Internal or External is selected from the Radius Server drop-down menu.

Radius Server Address

If using an External Radius Server, specify the numerical (non-DNS) IP address of a primary
Remote Authentication Dial-In User Service (Radius) server. Optionally, specify the IP address
of a secondary server. The secondary server acts as a failover server if the primary server
cannot be contacted. An ISP or a network administrator provides these addresses.
Radius is a client/server protocol and software enabling remote-access clients to
communicate with a server used to authenticate users and authorize access to the
requested system or service. This setting is not available if Internal has been selected from
the Radius Server drop-down menu.

RADIUS Port

If using an External Radius Server, specify the port on which the primary Radius server is
listening. Optionally, specify the port of a secondary (failover) server. Older Radius servers
listen on ports 1645 and 1646. Newer servers listen on ports 1812 and 1813. Port 1645
or 1812 is used for authentication. Port 1646 or 1813 is used for accounting. The ISP or a
network administrator needs to confirm the appropriate primary and secondary port
numbers for authentication. This setting is not available if Internal has been selected from
the Radius Server drop-down menu.

RADIUS Shared Secret

Specify a shared secret for authentication on the Internal or Primary Radius server
(External Radius Server only). The shared secret is required to match the shared secret on
the Radius server. Optionally, specify a shared secret for a secondary (failover) server. Use
shared secrets to verify Radius messages (with the exception of the Access-Request
message) sent by a Radius enabled device configured with the same shared secret.
Apply the qualifications of a well-chosen password to the generation of a shared secret.
Generate a random, case-sensitive string using letters and numbers. Verify the shared
secret is at least 22 characters to protect the Radius server from brute-force attacks. An
example of a strong and secure shared secret is: 8d#>9fq4bV)H7%a3-zE13sW.

External Radius Server Address

Specify the IP address of the external Radius server used to provide Radius accounting.

External Radius Port

Specify the port on which the Radius server is listening. The default port is 1813.

External Radius Shared Secret

Specify a shared secret for authentication. The shared secret is required to match the
shared secret on the Radius server.

MU Timeout

Specify the time (in seconds) for the access point’s retransmission of EAP-Request packets.
The default is 10 seconds. If this time is exceeded, the authentication session is
terminated.

Retries

Specify the number of retries for the MU to retransmit a missed frame to the Radius server
before it times out of the authentication session. The default is 2 retries.

Enable Syslog

Select the Enable Syslog checkbox to enable Radius accounting syslog messages
relating to EAP events to be written to the specified syslog server.

Syslog Server IP Address

Enter the IP address of the destination syslog server to be used to log EAP events.
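The RADIUS Shared Secret entry above says the secret verifies every Radius message except the Access-Request and should be a random string of at least 22 letters and numbers. The following is an added example, not code from this guide or from Brocade: it generates such a secret and applies the RFC 2865 Response Authenticator check to a constructed Access-Accept. The function names, packet identifier and attribute contents are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
import struct

MIN_SECRET_LEN = 22  # minimum length the guide recommends

def generate_shared_secret(length=MIN_SECRET_LEN):
    """Random case-sensitive string of letters and digits from the OS CSPRNG."""
    if length < MIN_SECRET_LEN:
        raise ValueError("shared secret must be at least 22 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply whose authenticator is keyed by the secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, request_auth, secret):
    """Client side: accept the reply only if its authenticator matches."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

def demo():
    """Constructed exchange: one Access-Accept checked three ways."""
    secret = generate_shared_secret().encode()
    # The Access-Request authenticator is only a random nonce, so the request
    # itself is not verified with the secret; replies are bound to this nonce.
    request_auth = secrets.token_bytes(16)
    attrs = bytes([18, 4]) + b"ok"          # constructed Reply-Message attribute
    reply = build_response(2, 7, attrs, request_auth, secret)  # code 2 = Access-Accept
    return (verify_response(reply, request_auth, secret),                 # same secret
            verify_response(reply, request_auth, b"a-different-secret"),  # mismatch
            verify_response(reply[:-1] + b"!", request_auth, secret))     # altered reply
```

Because the authenticator is a plain MD5 over the packet and the secret, the length and randomness of the secret are the only protection against offline guessing from captured traffic, which is the reason for the 22-character minimum.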