Configuring radius clients – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 660
648
Brocade Mobility RFS Controller System Reference Guide
53-1003099-01
11
Refer to the following to add RADIUS clients, proxy server configurations, LDAP server
configurations and review deployment considerations impacting the effectiveness of the
RADIUS supported deployment:
•
•
•
Configuring an LDAP Server Configuration
Configuring RADIUS Clients
A RADIUS client is a mechanism to communicate with a central server to authenticate users and
authorize access to the network.
The client and server share a secret (a password). That shared secret, followed by the request
authenticator, is put through a MD5 hash to create a 16 octet value which is XORed with the
password entered by the user. If the user password is greater than 16 octets, additional MD5
calculations are performed, using the previous ciphertext instead of the request authenticator. The
server receives a RADIUS access request packet and verifies the server possesses a shared secret
for the client. If the server does not possess a shared secret for the client, the request is dropped.
If the client received a verified access accept packet, the username and password are considered
correct, and the user is authenticated. If the client receives a verified access reject message, the
username and password are considered to be incorrect, and the user is not authenticated.
To define a RADIUS client configuration:
1. Select the Client tab from the RADIUS Server Policy screen.
FIGURE 23
RADIUS Server Policy screen - Client tab
2. Select the + Add Row button to add a table entry for a new client’s IP address, mask and
shared secret. To delete a client entry, select the Delete icon on the right-hand side of the table
entry.
3. Specify the IP Address and mask of the RADIUS client authenticating with the RADIUS server.