Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

416

Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Configuring the RADIUS Server

6

Modify the existing group’s guest designation, VLAN ID, access period and WLAN assignment.

7. If an existing group is no longer needed (perhaps obsolete in function), select the group and

click the Delete button to permanently remove the group from the list. The group can only be
removed if all the users in the group are removed first.

8. To create a new group, click the Add button and provide the following information.

NOTE

Rate limiting parameters need to be part of RADIUS Access Accept packets. If any RADIUS server
doesn't send rate limit parameters in RADIUS Access Accept packet, these parameters will not be
configured.

9. Refer to the Status field for the current state of the requests made from applet. This field

displays error messages if something goes wrong in the transaction between the applet and
the switch.

Name

Define a unique group name that differentiates this new group from others with
similar attributes.

Guest Group

Select the Guest Group

checkbox to assign this particular group (and the users

within) only temporary access to the local RADIUS server, thus restricting their
authentication period to a user defined access interval.

VLAN ID

Define the VLAN ID for the new group. The VLAN ID is representative of the shared
SSID each group member (user) employs to interoperate within the switch
managed network (once authenticated by the local RADIUS server).

Time of Access Start

Set the time the group is authenticated to interoperate. Each user within the group
is authenticated with the local RADIUS server. Those group members successfully
authenticated are allowed access to the switch using the restrictions defined for
the group.

Time of Access End

Set the time each group’s user base will loose access privileges within the switch
managed network. After this time, users within this group will not be authenticated
by the local RADIUS server. However, if a user is part of a different group that has
not exceeded their access end interval, the user may still interoperate with the
switch (remain authenticated) as part of that group.

Rate Limit Uplink
(0,100-100000)

Set the rate limit from the wireless client to the network when using RADIUS
authentication. A rate limit of 0 disables rate limiting for this direction. Any rate
limit obtained through RADIUS server authentication overwrites the initial user rate
limit for the given MU.

Rate Limit Downlink
(0,100-100000)

Set the rate limit from the network to the wireless client when using RADIUS
authentication. Any rate limit obtained through RADIUS server authentication
overwrites the initial user rate limit for the given MU.

Available WLANs

Use the Available WLANs Add -> and Remove <- functions to move WLANs for this
new group from the available list to the configured list. Once on the configured list
(and the changes applied), the members of this group can interoperate with the
switch on these WLANs (once authenticated by the local RADIUS server).

Configured WLANs

The Configured WLANs columns displays the WLANs this new group can operate
within (once users are configured). Use the Add -> and Remove <-

functions to

move WLANs from the available list to the configured list.

Time of access in days

Select the checkboxes corresponding to the days of the week you would like this
new group to have access to the switch managed network. Of course, the user
base within the group still needs to be authenticated by the local RADIUS server
first.