Configuring kerberos – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Page 120


Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Viewing and configuring switch WLANs

4

The RADIUS Config... button on the bottom of the screen will become enabled. Ensure a primary and optional secondary RADIUS Server have been configured to authenticate users requesting access to the EAP 802.1x supported WLAN. For more information, see “Configuring external RADIUS Server support” on page 117.

4. Click the Config button to the right of the 802.1X EAP checkbox.

The 802.1x EAP screen displays.

5. Configure the Advanced field as required to define MU timeout and retry information for the authentication server.

6. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.

7. Click OK to use the changes to the running configuration and close the dialog.

8. Click Cancel to close the dialog without committing updates to the running configuration.

Configuring Kerberos
Kerberos (designed and developed by MIT) provides strong authentication for client/server
applications using secret-key cryptography. Using Kerberos, an MU must prove its identity to a server
(and vice versa) across an insecure network connection. Once an MU and server prove their identity,
they can encrypt all communications to assure privacy and data integrity. Kerberos can only be
used with Brocade clients.

CAUTION
Kerberos makes no provisions for host security. Kerberos assumes it is running on a trusted host
with an untrusted network. If host security is compromised, Kerberos is compromised as well.

To configure a Kerberos authentication scheme for a WLAN:

1. Select Network > Wireless LANs from the main menu tree.

2. Select an existing WLAN from those displayed within the Configuration tab.

3. Click the Edit button.

MU Timeout
Define the time (between 1 and 60 seconds) for the switch’s retransmission of EAP-Request packets. The default is 5 seconds.

MU Max Retries
Specify the maximum number of times the switch retransmits an EAP-Request frame to the client before it times out the authentication session. The default is 3 retries, with a maximum of 100 supported.
