
Aaa policy – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


Brocade Mobility Access Point System Reference Guide 53-1003100-01, page 500 (chapter 7)

Select OK to save the updates to the L2TP V3 Policy Details. Select Reset to revert to the last saved
configuration.

AAA Policy

Network configuration

Authentication, Authorization, and Accounting (AAA) is the mechanism network administrators use
to define access control within the access point managed network.

The access point can optionally use external RADIUS and LDAP servers (AAA servers) to provide
user database information and user authentication data. Each WLAN managed by the access point
can maintain its own unique AAA configuration. Brocade Mobility 1220 Access Point, Brocade
Mobility 1220 Access PointM, Brocade Mobility 1240 Access Point, and Brocade Mobility 71XX
Access Point model access points have an onboard RADIUS server resource, while the Brocade
Mobility 6511 Access Point does not.

AAA provides a modular way of performing the following services:

Authentication — Authentication provides a means of identifying users, including login and
password dialog, challenge and response, messaging support and (depending on the security
protocol) encryption. Authentication is the technique by which a user is identified before
being allowed access to the access point managed network. Configure AAA authentication by
defining a list of authentication methods, and then applying the list to various access point
interfaces. The list defines the authentication schemes performed and their sequence. The list
must be applied to an interface before the defined authentication technique is conducted.

Authorization — Authorization occurs immediately after authentication. Authorization is a
method for remote access control, including authorization for services and individual user
accounts and profiles. Authorization functions through the assembly of attribute sets
describing what the user is authorized to perform. These attributes are compared to
information contained in a database for a given user, and the result is returned to AAA to
determine the user's actual capabilities and restrictions. The database could be located locally
on the access point or be hosted remotely on a RADIUS server. Remote RADIUS servers
authorize users by associating attribute-value (AV) pairs with the appropriate user. Each
authorization method must be defined through AAA. When AAA authorization is enabled, it is
applied equally to all interfaces on the access point.
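The method-list model described above, worked through as an added Python sketch (this is example code written for this page, not Brocade firmware or the access point's own AAA implementation). It defines an ordered list of authentication methods, applies the list to an interface, and runs authorization immediately after a successful authentication by reading the AV pairs held for the user. The class names (`LocalDatabase`, `RadiusServer`, `MethodList`, `AaaPolicy`), the constructed `services` attribute, and the rule that an unreachable server falls through to the next method while an explicit reject ends the sequence are assumptions for illustration; the guide does not state them, and LDAP is not modelled.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class AuthResult(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # credentials were checked and refused
    UNREACHABLE = "unreachable"  # the method could not answer (server down)


@dataclass
class LocalDatabase:
    """Onboard user database: username -> (password, attribute-value pairs)."""
    name: str
    users: Dict[str, Tuple[str, Dict[str, str]]] = field(default_factory=dict)

    def authenticate(self, user: str, password: str) -> AuthResult:
        entry = self.users.get(user)
        if entry is None or entry[0] != password:
            return AuthResult.REJECT
        return AuthResult.ACCEPT

    def attributes(self, user: str) -> Dict[str, str]:
        return dict(self.users.get(user, ("", {}))[1])


@dataclass
class RadiusServer(LocalDatabase):
    """Remote RADIUS server: same data model, but it may be unreachable (assumption)."""
    reachable: bool = True

    def authenticate(self, user: str, password: str) -> AuthResult:
        if not self.reachable:
            return AuthResult.UNREACHABLE
        return super().authenticate(user, password)


@dataclass
class MethodList:
    """Ordered authentication methods, tried in sequence."""
    name: str
    methods: List[LocalDatabase]

    def authenticate(self, user: str, password: str) -> Tuple[AuthResult, Optional[str]]:
        for method in self.methods:
            result = method.authenticate(user, password)
            if result is AuthResult.UNREACHABLE:
                continue  # assumption: only an unanswered query falls through
            return result, method.name  # an explicit reject ends the sequence
        return AuthResult.REJECT, None  # fail closed: no method could answer


@dataclass
class Decision:
    authenticated: bool
    authorized: bool
    decided_by: Optional[str]
    attributes: Dict[str, str]


@dataclass
class AaaPolicy:
    method_lists: Dict[str, MethodList] = field(default_factory=dict)
    bindings: Dict[str, str] = field(default_factory=dict)  # interface -> list name

    def apply(self, interface: str, list_name: str) -> None:
        """A list must be applied to an interface before it is consulted."""
        if list_name not in self.method_lists:
            raise KeyError(f"unknown method list {list_name!r}")
        self.bindings[interface] = list_name

    def login(self, interface: str, user: str, password: str, service: str) -> Decision:
        list_name = self.bindings.get(interface)
        if list_name is None:  # no list applied: nobody is authenticated here
            return Decision(False, False, None, {})
        method_list = self.method_lists[list_name]
        result, decided_by = method_list.authenticate(user, password)
        if result is not AuthResult.ACCEPT:
            return Decision(False, False, decided_by, {})
        # Authorization follows immediately: the user's AV pairs decide which
        # services are permitted (constructed "services" attribute, comma separated)
        method = next(m for m in method_list.methods if m.name == decided_by)
        avpairs = method.attributes(user)
        allowed = service in avpairs.get("services", "").split(",")
        return Decision(True, allowed, decided_by, avpairs)


def build_demo() -> Tuple[AaaPolicy, RadiusServer]:
    """Constructed sample: RADIUS first, onboard database as fallback."""
    radius = RadiusServer("radius-1", {"alice": ("s3cret", {"vlan": "10", "services": "wlan"})})
    local = LocalDatabase("local", {
        "alice": ("old-pass", {"vlan": "10", "services": "wlan"}),
        "bob": ("hunter2", {"vlan": "99", "services": "wlan,ssh"}),
    })
    policy = AaaPolicy(method_lists={"corp": MethodList("corp", [radius, local])})
    policy.apply("wlan1", "corp")  # wlan2 deliberately has no list applied
    return policy, radius
```

Two behaviours are worth checking against a real deployment: a login on an interface with no list applied is refused outright, matching the guide's note that the list must be applied before authentication is conducted, and a stale password held in the onboard database does not rescue a user that the RADIUS server has already rejected, because only an unanswered query moves on to the next method.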

Retry Count

Use the spinner control to define how many retransmission attempts are made before determining a
target tunnel peer is not reachable. The available range is from 1 - 10, with a default value of 5.

Retry Time Out

Use the spinner control to define the interval (in seconds) before initiating a retransmission of a L2TP
V3 signaling message. The available range is from 1 - 250, with a default value of 5.

Rx Window Size

Specify the number of packets that can be received without sending an acknowledgement. The
available range is from 1 - 15, with a default setting of 10.

Tx Window Size

Specify the number of packets that can be transmitted without receiving an acknowledgement. The
available range is from 1 - 15, with a default setting of 10.

Failover Delay

Specify the wait time (in seconds) before re-establishing a failed tunnel. The available duration is 5 - 60
seconds or 1 minute, with a default setting of 5 seconds.

Force L2 Path Recovery

Select to enable forcing the discovery of servers, gateways and other networks behind an L2TPV3 tunnel
when a tunnel is being established or when a failed tunnel is being re-established.
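The L2TP V3 policy fields above, collected into an added Python sketch that is not code from the guide or from the access point's firmware. It validates each field against the documented range, then replays the retransmission schedule the settings imply, so an operator can see how long a silent peer goes unnoticed and when re-establishment begins. The `L2tpv3Policy` class, the schedule model (one initial send plus Retry Count retransmissions, each waiting Retry Time Out seconds before the next) and the `effective_window` rule are assumptions for illustration; the guide does not specify how the access point counts attempts or reconciles mismatched window sizes.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Documented ranges for the spinner controls (min, max)
RANGES = {
    "retry_count": (1, 10),
    "retry_timeout": (1, 250),
    "rx_window_size": (1, 15),
    "tx_window_size": (1, 15),
    "failover_delay": (5, 60),
}


@dataclass(frozen=True)
class L2tpv3Policy:
    """L2TP V3 policy fields with the guide's defaults."""
    retry_count: int = 5         # retransmissions before the peer is declared unreachable
    retry_timeout: int = 5       # seconds before a signaling message is retransmitted
    rx_window_size: int = 10     # packets accepted without sending an acknowledgement
    tx_window_size: int = 10     # packets sent without receiving an acknowledgement
    failover_delay: int = 5      # seconds to wait before re-establishing a failed tunnel
    force_l2_path_recovery: bool = False

    def __post_init__(self) -> None:
        for name, (low, high) in RANGES.items():
            value = getattr(self, name)
            if not low <= value <= high:
                raise ValueError(f"{name}={value} outside {low}-{high}")

    def unreachable_after(self) -> int:
        """Seconds of silence before the peer is declared unreachable. Assumed model:
        one initial send plus retry_count retransmissions, each waiting retry_timeout."""
        return (self.retry_count + 1) * self.retry_timeout

    def reestablish_at(self) -> int:
        """Seconds from the peer going silent to the first re-establishment attempt."""
        return self.unreachable_after() + self.failover_delay


def check_policy(**fields) -> str:
    """Return "" for a valid policy, otherwise the validation message."""
    try:
        L2tpv3Policy(**fields)
        return ""
    except ValueError as exc:
        return str(exc)


def simulate_signaling(policy: L2tpv3Policy, peer_answers_after: float) -> Tuple[str, List[int]]:
    """Replay the retransmit schedule against a peer whose reply arrives
    peer_answers_after seconds after the initial send (inf for a dead peer).
    Returns ("acked" or "unreachable", times at which the message was sent)."""
    sends: List[int] = []
    for attempt in range(policy.retry_count + 1):
        sent_at = attempt * policy.retry_timeout
        sends.append(sent_at)
        if peer_answers_after <= sent_at + policy.retry_timeout:
            return "acked", sends  # reply landed before this timeout expired
    return "unreachable", sends


def effective_window(local: L2tpv3Policy, peer: L2tpv3Policy) -> int:
    """Packets this side can keep in flight without overrunning the peer's
    receive window (assumption: the smaller of our Tx and the peer's Rx window)."""
    return min(local.tx_window_size, peer.rx_window_size)


if __name__ == "__main__":
    defaults = L2tpv3Policy()
    print("dead peer detected after", defaults.unreachable_after(), "s")
    print("re-establishment starts at", defaults.reestablish_at(), "s")
    print(simulate_signaling(defaults, float("inf")))
```

With the defaults (Retry Count 5, Retry Time Out 5, Failover Delay 5) the model declares a dead peer after 30 seconds and starts re-establishing at 35 seconds; lowering Retry Time Out shortens detection but increases signaling load on a lossy path, and a Tx window larger than the peer's Rx window gains nothing because the peer cannot buffer the extra packets.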