Brocade Communications Systems RFS6000 System Reference Manual page 437


3. Refer to the Authentication field to define the following Radius authentication information:

EAP and Auth Type
Specify the EAP type for the Radius server.
PEAP uses a TLS layer on top of EAP as a carrier for other EAP modules. PEAP is an ideal choice for networks using legacy EAP authentication methods.
TTLS is similar to EAP-TLS, but the client authentication portion of the protocol is not performed until after a secure transport tunnel has been established. This allows EAP-TTLS to protect legacy authentication methods used by some Radius servers.

Auth Data Source
Use the Auth Data Source drop-down menu to select the data source for the local Radius server.
If Local is selected, the switch's internal user database serves as the data source for user authentication. Refer to the Users and Groups tabs to define user and group permissions for the switch's local Radius server.
If LDAP is selected, the switch uses the data within an LDAP server.

Cert Trustpoint
Click the View/Change button to specify the trustpoint from which the Radius server automatically grants certificate enrollment requests. A trustpoint is a representation of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration parameters, and an association with one enrolled identity certificate. If the server certificate trustpoint is not used, the default trustpoint is used instead.

CA Cert Trustpoint
Click the View/Change button to specify the CA certificate trustpoint from which the Radius server automatically grants certificate enrollment requests. A trustpoint is a representation of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration parameters, and an association with one enrolled identity certificate. If a CA trustpoint is not specified, the default trustpoint's CA certificate is used as a CA certificate. If the default trustpoint does not have a CA certificate, the server certificate is used as the CA certificate.

NOTE
EAP-TLS will not work with a default trustpoint. Proper CA and Server trustpoints must be configured for EAP-TLS. For information on configuring certificates for the switch, see Creating Server Certificates on page 6-433.

4. Select the LDAP Group Verification Details checkbox. Refer to the LDAP Server Details field to define the primary and secondary Radius LDAP server configuration providing access to an external database used with the local Radius server.

IP Address
Enter the IP address of the external LDAP server acting as the data source for the Radius server. This server must be accessible from an active switch subnet.

Port
Enter the TCP/IP port number for the LDAP server acting as the data source.

Password Attribute
Enter the password attribute used by the LDAP server for authentication.

Bind DN
Specify the distinguished name to bind with the LDAP server.

Bind Password
Enter a valid password for the LDAP server.

Base DN
Specify a distinguished name that establishes the base object for the search. The base object is the point in the LDAP tree at which to start searching.

User Login Filter
Enter the login used by the LDAP server for authentication.

Group Filter
Specify the group filters used by the LDAP server.

Group Membership Attribute
Specify the Group Member Attribute sent to the LDAP server when authenticating users.

Group Attribute
Specify the group attribute used by the LDAP server.

Net Timeout
Enter a timeout value (between 1-10 seconds) the system uses to terminate the connection to the Radius Server if no activity is detected.

Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
