Using The Switch's Radius Server Versus An External Radius - Brocade Communications Systems RFS6000 System Reference Manual

Authentication of Terminal/Management User(s)
The local Radius server can be used to authenticate users. A normal user (with a password) should
be created in the local database. These users should not be a part of any group.
Access Policy
Access policies are defined for a group created in the local database. Each user is authorized
based on the access policies defined for the groups to which the user belongs. Access policies
allow the administrator to control access for a set of users based on the WLANs (ESSID).
Group to WLAN access is controlled using a "Time of the day" access policy.
Consider User1 (part of Group 1), which is mapped to WLAN1 (ESSID of WLAN1). When the user
tries to connect to WLAN1, the user is prompted to enter his/her credentials. Once the
authentication and authorization phases are successful, only User1 is able to access WLAN1 for
the allowed duration (but not any other WLAN). Each user group can be configured to be a part of
one VLAN. All the users in that group are assigned the same VLAN ID if dynamic VLAN authorization
has been enabled on the WLAN.
Proxy to External Radius Server
Proxy realms are configured on the switch. Each proxy realm holds the details of the external
Radius server to which that realm's users are to be proxied. The user ID received is parsed
against the user@realm, realm/user, user%realm and user/realm formats to determine which proxy
Radius server is to be used.
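The realm lookup described above, modeled in Python as an added example (not code from the manual or the switch firmware). The realm table, server addresses and the name route_user_id are constructed for illustration. Because "/" appears in both realm/user and user/realm, this example assumes the realm side is identified by matching against the configured realms, that an ID matching more than one realm is rejected, and that an ID with no configured realm is not proxied.

```python
# Added illustration: models the proxy realm lookup; not switch firmware.
from typing import NamedTuple, Optional


class Route(NamedTuple):
    user: str
    realm: Optional[str]   # None: no configured proxy realm matched
    server: Optional[str]  # external Radius server for the realm


# Constructed proxy realm table (realm -> external Radius server).
PROXY_REALMS = {
    "corp.example": "192.0.2.10",
    "guest.example": "192.0.2.20",
}


def route_user_id(user_id: str, realms=PROXY_REALMS) -> Route:
    """Split a user ID into user and realm and pick the proxy server.

    Raises ValueError when the ID names more than one configured realm,
    so a request is never proxied on a guess (assumed policy).
    """
    candidates = []
    # user@realm and user%realm: the realm follows the last delimiter.
    for delim in ("@", "%"):
        if delim in user_id:
            user, realm = user_id.rsplit(delim, 1)
            candidates.append((user, realm))
    # "/" is shared by realm/user and user/realm, so try both readings.
    if "/" in user_id:
        realm, user = user_id.split("/", 1)    # realm/user
        candidates.append((user, realm))
        user, realm = user_id.rsplit("/", 1)   # user/realm
        candidates.append((user, realm))
    # Keep only readings whose realm is actually configured.
    matches = {(u, r) for u, r in candidates if u and r in realms}
    if len(matches) > 1:
        raise ValueError(f"ambiguous realm in user ID {user_id!r}")
    if matches:
        user, realm = next(iter(matches))
        return Route(user, realm, realms[realm])
    return Route(user_id, None, None)
```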
LDAP
An external data source based on LDAP can be used to authorize users. The Radius server looks for
user credentials in the configured external LDAP server and authorizes users. The switch supports
two LDAP server configurations.
Accounting
Accounting should be initiated by the Radius client. Once the Local/Onboard Radius server is
started, it listens for both authentication and accounting records.

Using the Switch's Radius Server Versus an External Radius

The switch ships with a default configuration defining the local Radius Server as the primary
authentication source (default users are admin with superuser privileges and operator with monitor
privileges). No secondary authentication source is specified. However, Brocade recommends using
an external Radius Server as the primary authentication source and the local switch Radius Server
as the secondary user authentication source. For information on configuring an external Radius
Server, see "Configuring External Radius Server Support" on page 4-128. For instructions on how to
configure the switch's local Radius Server, see "Defining the Radius Configuration" on page 6-421.
420
Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
