Brocade Communications Systems RFS6000 System Reference Manual page 431

Apart from EAP authentication, the switch allows the enforcement of user-based policies.
User-based policies include dynamic VLAN assignment and access based on time of day.
The switch uses a default trustpoint. A certificate is required for EAP TTLS,PEAP and TLS Radius
authentication (configured with the Radius service).
Dynamic VLAN assignment is achieved based on the Radius server response. A user who
associates to WLAN1 (mapped to VLAN1) can be assigned a different VLAN after authentication
with the Radius server. This dynamic VLAN assignment overrides the WLAN's VLAN ID to which the
User associates.
NOTE
For a Radius supported VLAN to function properly, the "Dynamic Assignment" checkbox must be
enabled for the WLAN supporting the VLAN. For more information, see
Configuration on page
For 802.1x EAP authentication, the switch initiates the authentication process by sending an EAPoL
message to the Access Port only after the wireless client joins the wireless network. The Radius
client in the switch processes the EAP messages it receives. It encapsulates them to Radius access
requests and sends them to the configured Radius server (in this case the switch's local Radius
server).
The Radius server validates the user's credentials and challenge information received in the
Radius access request frames. If the user is authorized and authenticated, the client is granted
access by sending a Radius access accept frame. The frame is transmitted to the client in an
EAPoL frame format.
User Database
User group names and associated users (in each group) can be created in the local database. The
User ID in the received access request is mapped to the associated wireless group for
authentication. The switch supports the creation of 500 users and 100 groups within its local
database. Each group can have a maximum of 500 users.
Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
4-109.
6
Editing the WLAN
419