Aap Radius Proxy Support - Brocade Communications Systems RFS6000 System Reference Manual
Provides centralized wireless lan (wlan)
Hide thumbs
Also See for RFS6000:
- Cli reference manual (839 pages) ,
- System reference manual (574 pages)
Table of Contents
Advertisement
A
1. Configure Adaptive AP support on the Brocade Mobility 7131 Series Access Point by adopting
2. Once all Brocade Mobility 5181 Access Point APs are adopted, wait for 3 minutes. After 3
AAP Radius Proxy Support
When an Adaptive AP is adopted to a central switch over a WAN Link, the switch configures the
Adaptive AP for a WLAN with Radius authentication from a Radius server residing at the central
site. When the Adaptive AP gets a Radius client associated, it sends the Radius packets on the
wired side with its own IP Address as the source IP of the request and the Destination IP Address of
the Radius Server. In a local network implementation, the Adaptive APs, switch and Radius Servers
are all on the same LAN and the routing works fine. However, when the Adaptive AP is adopted over
a WAN link, the Radius Server IP Address will be an internal address which is non-routable over the
Internet.
To access the Radius server's non-routable IP address over the WAN, you have the option to
configure Adaptive AP Radius Proxying for the WLAN. When this flag is enabled, the Adaptive AP is
reconfigured to send all RADIUS traffic to the switch and the switch does the proxying to the real
Radius server to handle authentication. The switch automates the process of handling Radius
proxy configuration and client configurations. The switch supports multiple RADIUS servers. When
AAP radius proxying is enabled without specifying a realm, the switch can no longer process
requests on the on-board radius server. You cannot authenticate using the on-board Radius server
any longer because all authentications done by users without a realm are forwarded to the external
radius server, as configured for the WLAN with Adaptive AP Radius Proxy.
NOTE
The Brocade RF Series Wireless Switches support Adaptive AP Radius proxy without specifying realm
information. If AAP Proxy Radius is enabled without specifying realm information, the onboard
Radius server can no longer be used to authenticate users. If AAP Proxy Radius is enabled for a
WLAN with realm configured, then the onboard Radius server can perform as usual.
NOTE
If AAP Proxy Radius is configured, the onboard Radius server has to be enabled. By default the
onboard Radius server is disabled. To enable the onboard Radius server use the Web UI or issue the
"service radius" command in the CLI.
512
Brocade Mobility RFS7000(config-wireless)#radio 3 client-bridge ssid
meshWlan
Brocade Mobility RFS7000(config-wireless)#radio 3 bss 1 1
(map the mesh WLAN if manual mapping is enabled, not needed otherwise)
the APs base bridge as well as client bridge. The client-bridge radios must be wired directly
wired to the switch during this configuration step.
minutes disconnect the client-bridge Brocade Mobility 5181 Access Points from the network.
The client bridge Brocade Mobility 5181 Access Points will continue to be adopted.
Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
Advertisement
Table of Contents
Troubleshooting
