Radius Overview - Brocade Communications Systems RFS6000 System Reference Manual

Provides centralized wireless LAN (WLAN) configuration and management

Radius overview

Radius enables centralized management of controller authentication data (usernames and
passwords). When a client attempts to associate to the Radius-supported controller, the controller
sends the authentication request to the Radius server. The communications between the controller
and server are authenticated and encrypted through the use of a shared secret password (not
transmitted over the network).

The controller's local Radius server stores the authentication data locally, but can also be
configured to use a remote user database. A Radius server as the centralized authentication server
is an excellent choice for performing accounting. Radius can significantly increase security by
centralizing password management.

NOTE
The controller can be configured to use its own local Radius server or an external Radius server you
define and configure. For information on the benefits and risks of using the controller's resident
Radius Server (as opposed to an external Radius Server), see
"Using the controller's Radius server versus an external Radius".

CAUTION
When restarting or rebooting the controller, the Radius server is restarted regardless of its state
before the reboot.

The Radius server defines authentication and authorization schemes for granting access to
wireless clients. Radius is also used for authenticating hotspot and remote VPN Xauth. The
controller can be configured to use 802.1x EAP for authenticating wireless clients with a Radius
server. The following EAP authentication types are supported by the controller's onboard Radius
server:

TLS
TLS and MD5
TTLS and PAP
TTLS and MSCHAPv2
PEAP and GTC
PEAP and MSCHAPv2

Apart from EAP authentication, the controller allows the enforcement of user-based policies.
User-based policies include dynamic VLAN assignment and access based on time of day.

The controller uses a default trustpoint. A certificate is required for EAP TTLS, PEAP and TLS Radius
authentication (configured with the Radius service).

Dynamic VLAN assignment is achieved based on the Radius server response. A user who
associates to WLAN1 (mapped to VLAN1) can be assigned a different VLAN after authentication
with the Radius server. This dynamic VLAN assignment overrides the VLAN ID of the WLAN to which
the user associates.

NOTE
For a Radius-supported VLAN to function properly, the Dynamic Assignment checkbox must be
enabled for the WLAN supporting the VLAN. For more information, see
"Editing the WLAN configuration".

Brocade Mobility RFS6000 and RFS7000 System Reference Guide
53-1001858-01
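
The shared-secret check and the dynamic VLAN assignment described above, as an added example that is not from the Brocade manual or the controller's code: a Python sketch of how a Radius client validates the Response Authenticator of an Access-Accept and then reads the assigned VLAN. It assumes the standard RFC 3580 tunnel attributes, which the manual does not name; the secret, packet contents and function names are constructed for illustration.

```python
import hashlib, hmac, struct

# Attribute numbers from RFC 2865/2868; their use for VLANs follows RFC 3580 (assumed here).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code | ID | Length | Request Authenticator | Attributes | Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def attr(atype, value):
    # Encode one attribute as type, length (including the 2-byte header), value.
    return bytes([atype, len(value) + 2]) + value

def parse_attributes(attrs):
    # Walk the type/length/value list, rejecting lengths that run past the packet.
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        out[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return out

def vlan_from_accept(packet, request_auth, secret):
    """Return the VLAN ID in an Access-Accept, or None if no VLAN was assigned.
    Raises ValueError when the reply is malformed or fails the shared-secret check."""
    if len(packet) < 20 or packet[0] != 2 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    code, ident, attrs = packet[0], packet[1], packet[20:]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    found = parse_attributes(attrs)
    # Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE-802 (tag byte, then 3-byte value)
    if found.get(TUNNEL_TYPE, b"")[1:] != b"\x00\x00\x0d":
        return None
    if found.get(TUNNEL_MEDIUM_TYPE, b"")[1:] != b"\x00\x00\x06":
        return None
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group[:1] and group[0] <= 0x1F:      # optional tag byte precedes the VLAN string
        group = group[1:]
    return int(group) if group.isdigit() else None

# Constructed sample: the secret, request authenticator and reply are made up.
SECRET, REQ_AUTH = b"example-shared-secret", bytes(range(16))
ATTRS = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"\x00" + b"20")
SAMPLE = (struct.pack("!BBH", 2, 7, 20 + len(ATTRS))
          + response_authenticator(2, 7, ATTRS, REQ_AUTH, SECRET) + ATTRS)
```

A reply built with a different secret, or one whose VLAN string was altered in transit, fails the authenticator comparison before any attribute is acted on.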