Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


Specifies the RADIUS datasource used for user authentication. Options include local for the local
user database or LDAP for a remote LDAP resource.

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

Syntax:

authentication [data-source|eap-auth-type]

authentication data-source [ldap|local]

authentication data-source [ldap {fallback}|local] {(ssid <SSID> precedence <1-5000>)}

authentication eap-auth-type [all|peap-gtc|peap-mschapv2|tls|ttls-md5|ttls-mschapv2|ttls-pap]

Parameters

authentication data-source [ldap {fallback}|local] {(ssid <SSID> precedence <1-5000>)}

authentication eap-auth-type [all|peap-gtc|peap-mschapv2|tls|ttls-md5|ttls-mschapv2|ttls-pap]

data-source

The RADIUS server can either use the local database or an external LDAP server to authenticate a user. It is
necessary to specify the data source. The options are: LDAP and local.
NOTE: The default setting is local.

ldap fallback

Uses a remote LDAP server as the data source

fallback – Optional. Enables fallback to local authentication. This feature ensures that when the
configured LDAP data source is unreachable, the client is authenticated against the local RADIUS
resource. This option is disabled by default.

local

Uses the local user database to authenticate a user

ssid <SSID>
precedence <1-5000>

The following keywords are recursive and common to both ‘ldap’ and ‘local’ parameters:

ssid – Optional. Associates the data source, selected in the previous step, with an SSID.

<SSID> – Specify the SSID for this authentication data source. The SSID is case
sensitive and should not exceed 32 characters in length. Do not use any of the following
characters (< > | " & \ ? ,).

precedence – Sets the precedence for this authentication rule. The
precedence value allows systematic evaluation and application of rules. Rules with the lowest
precedence receive the highest priority.

<1-5000> – Specify a precedence from 1 - 5000.

Specifying the SSID allows the RADIUS server to use the SSID attribute in access requests to determine the
data source to use. This option is applicable to onboard RADIUS servers only.

eap-auth-type

Uses Extensible Authentication Protocol (EAP), with this RADIUS server policy, for user authentication.
The EAP authentication types supported by the local RADIUS server are: all, peap-gtc, peap-mschapv2, tls,
ttls-md5, ttls-mschapv2, ttls-pap.

all

Enables both TTLS and PEAP authentication
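
The following Python sketch is an added example, not part of the Brocade guide or the controller software. It checks authentication lines against the syntax and limits described above and reports which data source an SSID resolves to and whether LDAP fallback to the local database is enabled for it. The function names, the sample lines, the assumption that an SSID contains no spaces, and the treatment of a line without ssid as the default are assumptions made for illustration.

```python
FORBIDDEN = set('<>|"&\\?,')           # characters an SSID must not contain
EAP_TYPES = {"all", "peap-gtc", "peap-mschapv2", "tls",
             "ttls-md5", "ttls-mschapv2", "ttls-pap"}

def parse(line):
    """Parse one 'authentication ...' line; raise ValueError if it breaks a rule."""
    tok = line.split()
    if tok[:2] == ["authentication", "eap-auth-type"]:
        if len(tok) != 3 or tok[2] not in EAP_TYPES:
            raise ValueError("unknown eap-auth-type: " + line)
        return {"eap": tok[2]}
    if tok[:2] != ["authentication", "data-source"] or tok[2:3] not in (["ldap"], ["local"]):
        raise ValueError("expected data-source ldap|local: " + line)
    source, rest = tok[2], tok[3:]
    fallback = rest[:1] == ["fallback"]
    if fallback and source != "ldap":
        raise ValueError("fallback is an option of ldap only")
    rest = rest[1:] if fallback else rest
    rules = []
    while rest:                        # ssid/precedence pairs may repeat
        if len(rest) < 4 or rest[0] != "ssid" or rest[2] != "precedence" or not rest[3].isdigit():
            raise ValueError("expected: ssid <SSID> precedence <1-5000>")
        ssid, prec = rest[1], int(rest[3])
        if len(ssid) > 32 or FORBIDDEN & set(ssid):
            raise ValueError("invalid SSID: " + ssid)
        if not 1 <= prec <= 5000:
            raise ValueError("precedence out of range: %d" % prec)
        rules.append((prec, ssid))
        rest = rest[4:]
    return {"source": source, "fallback": fallback, "rules": rules}

def resolve(lines, ssid):
    """Assumed model: lowest precedence value wins; no match uses the unscoped line or 'local'."""
    default, scoped = ("local", False), []
    for entry in (e for e in map(parse, lines) if "eap" not in e):
        if not entry["rules"]:
            default = (entry["source"], entry["fallback"])
        scoped += [(p, s, entry["source"], entry["fallback"]) for p, s in entry["rules"]]
    for _, rule_ssid, source, fallback in sorted(scoped):
        if rule_ssid == ssid:          # SSIDs are case sensitive
            return source, fallback
    return default

SAMPLE = [  # constructed sample lines, not taken from a real device
    "authentication data-source local ssid guest precedence 20",
    "authentication data-source ldap fallback ssid corp precedence 10",
    "authentication eap-auth-type peap-mschapv2",
]
```

Calling resolve(SAMPLE, "corp") returns the data source and a flag showing that an unreachable LDAP server would cause clients on that SSID to be authenticated against the local RADIUS resource.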
