Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


Brocade Mobility 5181 Access Point Product Reference Guide

53-1002516-01

Configuring 802.1x EAP authentication


The 802.1x EAP Settings field displays within the New Security Policy screen.

4. Ensure the Name of the security policy entered suits the intended configuration or function of
   the policy.

5. If using the access point’s Internal RADIUS server, leave the Radius Server drop-down menu in
   the default setting of Internal. If an external RADIUS server is used, select External from the
   drop-down menu.

6. Configure the Server Settings field as required to define address information for the
   authentication server. The appearance of the Server Settings field varies depending on
   whether Internal or External has been selected from the RADIUS Server drop-down menu.

7. Select the Accounting tab as required to define a timeout period and retry interval Syslog for
   Clients interoperating with the Mobility 5181 Access Point and EAP authentication server. The
   items within this tab could be enabled or disabled depending on whether Internal or External
   has been selected from the Radius Server drop-down menu.

Radius Server Address

If using an External Radius Server, specify the numerical
(non-DNS) IP address of a primary Remote Dial-In User Service
(Radius) server. Optionally, specify the IP address of a secondary
server. The secondary server acts as a failover server if the
primary server cannot be contacted. An ISP or a network
administrator provides these addresses.
Radius is a client/server protocol and software enabling
remote-access clients to communicate with a server used to
authenticate users and authorize access to the requested system
or service. This setting is not available if Internal has been
selected from the Radius Server drop-down menu.

RADIUS Port

If using an External Radius Server, specify the port on which the
primary Radius server is listening. Optionally, specify the port of a
secondary (failover) server. Older Radius servers listen on ports
1645 and 1646. Newer servers listen on ports 1812 and 1813.
Port 1645 or 1812 is used for authentication. Port 1646 or 1813
is used for accounting. The ISP or a network administrator needs
to confirm the appropriate primary and secondary port numbers
for authentication. This setting is not available if Internal has been
selected from the Radius Server drop-down menu.

RADIUS Shared Secret

Specify a shared secret for authentication on the Internal or
Primary Radius server (External Radius Server only). The shared
secret is required to match the shared secret on the Radius server.
Optionally, specify a shared secret for a secondary (failover)
server. Use shared secrets to verify Radius messages (with the
exception of the Access-Request message) sent by a Radius-enabled
device configured with the same shared secret.
Apply the qualifications of a well-chosen password to the
generation of a shared secret. Generate a random, case-sensitive
string using letters and numbers. Verify the shared secret is at
least 22 characters to protect the Radius server from brute-force
attacks. An example of a strong and secure shared secret is:
8d#>9fq4bV)H7%a3-zE13sW.

External Radius Server Address

Specify the IP address of the external Radius server used to
provide Radius accounting.

External Radius Port

Specify the port on which the Radius server is listening. The
default port is 1813.
