User database, Authentication of terminal/management user(s), Access policy – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


Brocade Mobility RFS7000-GR Controller System Reference Guide


53-1001944-01

Configuring the RADIUS Server


The RADIUS server validates the user’s credentials and challenge information received in the
RADIUS access request frames. If the user is authorized and authenticated, the server grants the
client access by sending a RADIUS access accept frame. The frame is transmitted to the client in an
EAPoL frame format.

User database

User group names and associated users (in each group) can be created in the local database. The
User ID in the received access request is mapped to the associated wireless group for
authentication. The switch supports the creation of 500 users and 100 groups within its local
database. Each group can have a maximum of 500 users.

Authentication of terminal/management user(s)

The local RADIUS server can be used to authenticate users. A normal user (with a password)
should be created in the local database. These users should not be a part of any group.

Access policy

Access policies are defined for a group created in the local database. Each user is authorized
based on the access policies defined for the groups to which the user belongs. Access policies
allow the administrator to control access for a set of users based on the WLANs (ESSID).

Group to WLAN access is controlled using a “Time of the day” access policy.

Consider User1 (part of Group 1), which is mapped to WLAN1 (ESSID of WLAN1). When the user
tries to connect to WLAN1, the user is prompted to enter his/her credentials. Once the
authentication and authorization phases are successful, only User1 is able to access WLAN1 for
the allowed duration (but not any other WLAN). Each user group can be configured to be a part of
one VLAN. All the users in that group are assigned the same VLAN ID if dynamic VLAN authorization
has been enabled on the WLAN.
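The following added example (not taken from the guide and not the controller's firmware or CLI) models the authorization decision described above: local users, group membership, a per-group ESSID list with a time-of-day window, and the group VLAN returned only when dynamic VLAN authorization is enabled. The names `LocalDb`, `Group`, `join` and `authorize` are hypothetical; the model assumes a user in no group gets no WLAN access, stores passwords in plaintext purely for brevity, and goes beyond the text by handling windows that cross midnight.

```python
import hmac
from dataclasses import dataclass, field
from datetime import time

MAX_USERS, MAX_GROUPS, MAX_PER_GROUP = 500, 100, 500  # limits stated in the guide

@dataclass
class Group:
    essids: set      # WLANs (ESSIDs) the group's access policy allows
    start: time      # time-of-day window start (inclusive)
    end: time        # window end (exclusive); may wrap past midnight
    vlan_id: int     # the single VLAN the group is part of
    members: set = field(default_factory=set)

class LocalDb:
    def __init__(self):
        self.users, self.groups = {}, {}  # user -> password, group name -> Group

    def add_user(self, user, password):
        if user not in self.users and len(self.users) >= MAX_USERS:
            raise ValueError("user limit reached")
        self.users[user] = password  # plaintext only to keep the model short

    def add_group(self, name, group):
        if name not in self.groups and len(self.groups) >= MAX_GROUPS:
            raise ValueError("group limit reached")
        self.groups[name] = group

    def join(self, user, name):
        group = self.groups[name]
        if user not in self.users:
            raise KeyError(user)
        if user not in group.members and len(group.members) >= MAX_PER_GROUP:
            raise ValueError("group is full")
        group.members.add(user)

    def authorize(self, user, password, essid, now, dynamic_vlan=False):
        """Return ("accept", vlan_id or None) or ("reject", None)."""
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return ("reject", None)  # authentication failed
        for group in self.groups.values():
            if user not in group.members or essid not in group.essids:
                continue
            s, e = group.start, group.end
            in_window = s <= now < e if s <= e else (now >= s or now < e)
            if in_window:
                return ("accept", group.vlan_id if dynamic_vlan else None)
        return ("reject", None)  # no group policy covers this ESSID at this time
```

A management user created without any group authenticates against the same database but is rejected by `authorize` for every ESSID, which keeps terminal/management accounts from doubling as WLAN accounts in this model.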
