Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


FIGURE 21 RADIUS Server Policy screen

5. Select a server policy from the Server Policy Browser. The user has the option of adding a new policy, modifying an existing one, or deleting a policy.

RADIUS Server Policy

Lists the administrator-assigned policy name defined upon creation of the server policy.

RADIUS User Pools

Lists the user pools assigned to this server policy. These are the client users whom an
administrator has assigned to each listed group and who must adhere to its network access
requirements before being granted access to controller or service platform resources.

Default Source

Displays the RADIUS resource designated for user authentication requests. Options include
Local (resident controller or service platform RADIUS server resources) or LDAP (designated
remote LDAP resource).

Default Fallback

States whether fallback is enabled, reverting to local RADIUS resources if the
designated external LDAP resource fails or becomes unavailable. A green checkmark
indicates Default Fallback is enabled. A red “X” indicates it’s disabled. Default Fallback is
disabled by default.

Authentication Type

Lists the local EAP authentication scheme used with this policy. The following EAP
authentication types are supported by the local RADIUS and remote LDAP servers:
All - Enables both TTLS and PEAP.
TLS - Uses TLS as the EAP type.
TTLS and MD5 - The EAP type is TTLS with default authentication using MD5.
TTLS and PAP - The EAP type is TTLS with default authentication using PAP.
TTLS and MSCHAPv2 - The EAP type is TTLS with default authentication using MSCHAPv2.
PEAP and GTC - The EAP type is PEAP with default authentication using GTC.
PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication using MSCHAPv2.
However, when user credentials are stored on an LDAP server, the RADIUS server cannot
conduct PEAP-MSCHAPv2 authentication on its own, as it is not aware of the password. Use
LDAP agent settings to locally authenticate the user. Additionally, an authentication utility (such
as Samba) must be used to authenticate the user. Samba is open source software used to
share services between Windows and Linux machines.

CRL Validation

Specifies whether a Certificate Revocation List (CRL) check is made. A green checkmark
indicates CRL validation is enabled. A red “X” indicates it’s disabled. A CRL is a list of
certificates issued and subsequently revoked by a Certification Authority (CA). Certificates can
be revoked for a number of reasons, including failure or compromise of a device using a
certificate, a compromise of a certificate key pair, or errors within an issued certificate. The
mechanism used for certificate revocation depends on the CA.
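
The following added example (not part of the Brocade guide or the controller software) models how the Default Source, Default Fallback, Authentication Type and CRL Validation columns interact, so an administrator can review policies for settings that may be unintentional. The `ServerPolicy` record, the `ldap_agent_configured` flag and the sample policies are assumptions made for illustration; the controller's actual export format is not shown on this page.

```python
from dataclasses import dataclass

# Authentication Type values under which PEAP-MSCHAPv2 can be negotiated
# ("All" enables PEAP as well as TTLS, per the field description).
PEAP_MSCHAPV2_TYPES = {"All", "PEAP and MSCHAPv2"}

@dataclass
class ServerPolicy:
    """Hypothetical record mirroring the columns of the RADIUS Server Policy screen."""
    name: str
    default_source: str          # "Local" or "LDAP"
    default_fallback: bool       # disabled by default on the controller
    auth_type: str               # one of the Authentication Type values
    crl_validation: bool
    ldap_agent_configured: bool  # assumed flag: LDAP agent settings present

def select_source(policy: ServerPolicy, ldap_reachable: bool):
    """Return the resource that answers a request, or None if none can."""
    if policy.default_source == "Local":
        return "Local"
    if ldap_reachable:
        return "LDAP"
    # LDAP failed or is unavailable: revert to local only if fallback is on.
    return "Local" if policy.default_fallback else None

def review(policy: ServerPolicy):
    """List settings an administrator should confirm are intentional."""
    findings = []
    uses_ldap = policy.default_source == "LDAP"
    if uses_ldap and select_source(policy, ldap_reachable=False) is None:
        findings.append("no authentication source during an LDAP outage "
                        "(Default Fallback disabled)")
    if (uses_ldap and policy.auth_type in PEAP_MSCHAPV2_TYPES
            and not policy.ldap_agent_configured):
        findings.append("PEAP-MSCHAPv2 against LDAP-stored credentials "
                        "requires LDAP agent settings")
    if policy.auth_type == "TLS" and not policy.crl_validation:
        findings.append("TLS policy without CRL Validation: revoked "
                        "certificates are not checked")
    return findings

# Constructed sample policies, not taken from a real controller.
SAMPLE_POLICIES = [
    ServerPolicy("corp-ldap", "LDAP", False, "PEAP and MSCHAPv2", True, False),
    ServerPolicy("cert-only", "Local", False, "TLS", False, False),
    ServerPolicy("hardened", "LDAP", True, "TTLS and PAP", True, True),
]

if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        print(p.name, review(p) or "no findings")
```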
