Creating radius groups – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility Access Point System Reference Guide | 595 | 53-1003100-01 | 9

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software
enabling remote access servers to authenticate users and authorize their access to the access
point managed network. RADIUS is a distributed client/server system that secures networks
against unauthorized access. RADIUS clients send authentication requests to the access point’s
RADIUS server containing user authentication and network service access information.

RADIUS enables centralized management of authentication data (usernames and passwords).
When a client attempts to associate to a RADIUS supported access point, the access point sends
the authentication request to the RADIUS server. Communications between the access point and
the server are authenticated and encrypted using a shared secret password, which is never
transmitted over the network.

The access point’s local RADIUS server stores the user database locally, and can optionally use a
remote user database. It ensures higher accounting performance. It allows the configuration of
multiple users and the assignment of policies for group authorization.

Brocade Mobility 7131 Access Point, Brocade Mobility 1240 Access Point, Brocade Mobility 1220
Access Point, Brocade Mobility 1220 Access Points have an internal RADIUS server resource.
However, the Brocade Mobility 6511 Access Point does not have an onboard RADIUS server resource,
and an external resource must be used.

The access point allows the enforcement of user-based policies. User policies include dynamic
VLAN assignment and access based on time of day. The access point uses a default trustpoint. A
certificate is required for EAP-TTLS, PEAP and TLS RADIUS authentication (configured with the
RADIUS service).

Dynamic VLAN assignment is achieved based on the RADIUS server response. A user who
associates to WLAN1 (mapped to VLAN1) can be assigned a different VLAN after authentication
with the RADIUS server. This dynamic VLAN assignment overrides the WLAN's VLAN ID to which the
user associates.
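The two mechanisms just described, the shared-secret check on server replies and the VLAN override carried in the Access-Accept, can be shown together in code. The following is an added example, not code from the Brocade guide or its firmware; it assumes the standard RFC 2865 Response Authenticator and the RFC 2868/3580 Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID attributes, and uses a constructed shared secret and packet.

```python
import hashlib
import hmac
import struct

# RADIUS codes and attribute numbers (RFC 2865, RFC 2868, RFC 3580)
ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def parse_attributes(payload):
    """Return (type, value) pairs from the attribute section; reject malformed lengths."""
    attrs, i = [], 0
    while i < len(payload):
        t, length = payload[i], payload[i + 1]
        if length < 2 or i + length > len(payload):
            raise ValueError("malformed attribute")
        attrs.append((t, payload[i + 2:i + length]))
        i += length
    return attrs

def response_authenticator_ok(packet, request_authenticator, secret):
    """The reply is trusted only if MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    equals the 16-byte Authenticator the server sent (the secret never leaves the hosts)."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    header, claimed, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return hmac.compare_digest(claimed, expected)

def vlan_for_user(packet, request_authenticator, secret, wlan_vlan):
    """Return the VLAN the user lands in: the server-assigned VLAN when the Access-Accept
    is authentic and carries a complete VLAN triple, otherwise the WLAN's own VLAN."""
    if not response_authenticator_ok(packet, request_authenticator, secret):
        raise ValueError("Response Authenticator mismatch: discard reply")
    if packet[0] != ACCESS_ACCEPT:
        return None  # Access-Reject or other code: no network access
    attrs = dict(parse_attributes(packet[20:]))
    ttype, medium, group = (attrs.get(k) for k in
                            (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID))
    if not (ttype and medium and group):
        return wlan_vlan
    # Tunnel-Type / Tunnel-Medium-Type: 1 tag byte + 3-byte value
    if (int.from_bytes(ttype[1:], "big") != TUNNEL_TYPE_VLAN
            or int.from_bytes(medium[1:], "big") != MEDIUM_IEEE_802):
        return wlan_vlan
    if group[0] < 0x20:  # leading byte is a tag, not part of the VLAN string
        group = group[1:]
    try:
        vlan = int(group.decode())
    except ValueError:
        return wlan_vlan
    return vlan if 1 <= vlan <= 4094 else wlan_vlan

def build_access_accept(ident, request_authenticator, secret, vlan_id=None):
    """Constructed Access-Accept (tag 0) for testing; vlan_id=None omits the VLAN triple."""
    triple = [] if vlan_id is None else [
        (TUNNEL_TYPE, b"\x00" + TUNNEL_TYPE_VLAN.to_bytes(3, "big")),
        (TUNNEL_MEDIUM_TYPE, b"\x00" + MEDIUM_IEEE_802.to_bytes(3, "big")),
        (TUNNEL_PRIVATE_GROUP_ID, b"\x00" + str(vlan_id).encode())]
    attrs = b"".join(bytes([t, 2 + len(v)]) + v for t, v in triple)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + auth + attrs
```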

To view RADIUS configurations:

1. Select the Configuration tab from the web user interface.

2. Select Services.

3. Select the RADIUS option. The RADIUS Group screen displays (by default).

For information on creating the groups, user pools and server policies needed to validate
user credentials against a server policy configuration, refer to the following:

Creating RADIUS Groups

Defining User Pools

Configuring the RADIUS Server

Creating RADIUS Groups

Setting the RADIUS Configuration

The access point’s RADIUS server allows the configuration of user groups with common user
policies. User group names and associated users are stored in the access point’s local database.
The user ID in the received access request is mapped to the associated wireless group for
authentication. Group configurations allow the enforcement of the following policies controlling
user access:

The assignment of a VLAN to the user upon successful authentication