Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Page 424


53-1001944-01

Configuring the RADIUS Server


NOTE

EAP-TLS will not work with a default trustpoint. Proper CA and Server trustpoints must be configured
for EAP-TLS. For information on configuring certificates for the switch, see “Creating server
certificates” on page 418.

4. Refer to the LDAP Server Details field to define the primary and secondary RADIUS LDAP
server configuration providing access to an external database used with the local RADIUS
server.

5. Click the Apply button to save the changes made within the screen.

6. Click the Revert button to cancel any changes made within the screen and revert to the
last saved configuration.

Cert Trustpoint

Click the View/Change button to specify the trustpoint from which the RADIUS
server automatically grants certificate enrollment requests. A trustpoint is a
representation of a CA or identity pair. A trustpoint contains the identity of the CA,
CA-specific configuration parameters, and an association with one enrolled identity
certificate. If the server certificate trustpoint is not used, the default trustpoint is
used instead.

CA Cert Trustpoint

Click the View/Change button to specify the CA certificate trustpoint from which
the RADIUS server automatically grants certificate enrollment requests. A
trustpoint is a representation of a CA or identity pair. A trustpoint contains the
identity of the CA, CA-specific configuration parameters, and an association with
one enrolled identity certificate.
If a CA trustpoint is not specified, the default trustpoint's CA certificate is used as
the CA certificate. If the default trustpoint does not have a CA certificate, the server
certificate is used as the CA certificate.

IP Address

Enter the IP address of the external LDAP server acting as the data source for the
RADIUS server. This server must be accessible from an active switch subnet.

Port

Enter the TCP/IP port number for the LDAP server acting as the data source.

Password Attribute

Enter the password attribute used by the LDAP server for authentication.

Bind DN

Specify the distinguished name to bind with the LDAP server.

Bind Password

Enter a valid password for the LDAP server.

Base DN

Specify a distinguished name that establishes the base object for the search. The
base object is the point in the LDAP tree at which to start searching.

User Login Filter

Enter the login used by the LDAP server for authentication.

Group Filter

Specify the group filters used by the LDAP server.

Group Membership Attribute

Specify the Group Member Attribute sent to the LDAP server when authenticating
users.

Group Attribute

Specify the group attribute used by the LDAP server.

Net Timeout

Enter a timeout value (between 1-10 seconds) the system uses to terminate the
connection to the RADIUS Server if no activity is detected.
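
The trustpoint fallback rules in the Cert Trustpoint and CA Cert Trustpoint descriptions, together with the EAP-TLS note and the Net Timeout range, can be checked before a configuration is applied. The following Python is an added example, not controller or Brocade code; the `DEFAULT` label, the `RadiusCertConfig` field names and the reading that an unset Cert Trustpoint supplies the default trustpoint's server certificate are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT = "default-trustpoint"  # assumed label for the built-in default trustpoint


@dataclass
class RadiusCertConfig:
    eap_tls: bool                      # is EAP-TLS one of the enabled EAP types?
    cert_trustpoint: Optional[str]     # "Cert Trustpoint" field, None if unset
    ca_cert_trustpoint: Optional[str]  # "CA Cert Trustpoint" field, None if unset
    default_has_ca_cert: bool          # does the default trustpoint hold a CA cert?
    net_timeout: int = 5               # "Net Timeout" in seconds


def server_trustpoint(cfg: RadiusCertConfig) -> str:
    # An unset server trustpoint falls back to the default trustpoint.
    return cfg.cert_trustpoint or DEFAULT


def ca_source(cfg: RadiusCertConfig) -> Tuple[str, str]:
    """Return (trustpoint, certificate kind) that ends up acting as the CA."""
    if cfg.ca_cert_trustpoint:
        return cfg.ca_cert_trustpoint, "ca"
    if cfg.default_has_ca_cert:
        return DEFAULT, "ca"
    # Last fallback: the server certificate doubles as the CA certificate.
    return server_trustpoint(cfg), "server"


def lint(cfg: RadiusCertConfig) -> List[str]:
    """List settings that conflict with the EAP-TLS note or the timeout range."""
    findings = []
    tp, kind = ca_source(cfg)
    if cfg.eap_tls and server_trustpoint(cfg) == DEFAULT:
        findings.append("EAP-TLS: server certificate comes from the default trustpoint")
    if cfg.eap_tls and (tp == DEFAULT or kind == "server"):
        findings.append(f"EAP-TLS: CA certificate falls back to {tp} ({kind} cert)")
    if not 1 <= cfg.net_timeout <= 10:
        findings.append(f"Net Timeout {cfg.net_timeout}s is outside 1-10 seconds")
    return findings


# Constructed sample: EAP-TLS enabled, CA trustpoint left unset, timeout too long.
sample = RadiusCertConfig(True, "radius-server-tp", None, False, net_timeout=30)
for line in lint(sample):
    print(line)
```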
