Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual

Brocade Mobility 7131N-FGR Product Reference Guide

167

53-1001947-01

Configuring 802.1x EAP settings

6

Select the Accounting tab as required to define a timeout period and retry interval Syslog for MUs
interoperating with the Brocade Mobility 7131N-FGR Access Point and EAP authentication server.
The items within this tab could be enabled or disabled depending on whether Internal or External
has been selected from the Radius Server drop-down menu.

Radius Server Address

If using an External Radius Server, specify the numerical
(non-DNS) IP address of a primary Remote Dial-In User Service
(Radius) server. Optionally, specify the IP address of a secondary
server. The secondary server acts as a failover server if the
primary server cannot be contacted. An ISP or a network
administrator provides these addresses.
Radius is a client/server protocol and software enabling
remote-access clients to communicate with a server used to
authenticate users and authorize access to the requested system
or service. This setting is not available if Internal has been
selected from the Radius Server drop-down menu.

RADIUS Port

If using an External Radius Server, specify the port on which the
primary Radius server is listening. Optionally, specify the port of a
secondary (failover) server. Older Radius servers listen on ports
1645 and 1646. Newer servers listen on ports 1812 and 1813.
Port 1645 or 1812 is used for authentication. Port 1646 or 1813
is used for accounting. The ISP or a network administrator needs
to confirm the appropriate primary and secondary port numbers
for authentication. This setting is not available if Internal has been
selected from the Radius Server drop-down menu.

RADIUS Shared Secret

Specify a shared secret for authentication on the Internal or
Primary Radius server (External Radius Server only). The shared
secret is required to match the shared secret on the Radius server.
Optionally, specify a shared secret for a secondary (failover) server.
Use shared secrets to verify Radius messages (with the exception
of the Access-Request message) sent by a Radius enabled device
configured with the same shared secret.
Apply the qualifications of a well-chosen password to the
generation of a shared secret. Generate a random, case-sensitive
string using letters and numbers. Verify the shared secret is at
least 22 characters to protect the Radius server from brute-force
attacks. An example of a strong and secure shared secret is:
8d#>9fq4bV)H7%a3-zE13sW.

External Radius Server
Address

Specify the IP address of the external Radius server used to
provide Radius accounting.

External Radius Port

Specify the port on which the Radius server is listening. The
default port is 1813.

External Radius Shared
Secret

Specify a shared secret for authentication. The shared secret is
required to match the shared secret on the Radius server.

MU Timeout

Specify the time (in seconds) for the access point’s retransmission
of EAP-Request packets. The default is 10 seconds. If this time is
exceeded, the authentication session is terminated.

Retries

Specify the number of retries for the MU to retransmit a missed
frame to the Radius server before it times out of the
authentication session. The default is 2 retries.