Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 853
840
Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
8
authentication protocol [chap|mschap|mschapv2|pap]
authentication server <1-6> dscp <0-63>
authentication server <1-6> host <IP/HOSTNAME> secret [0 <SECRET>|2 <SECRET>|
<SECRET>] {port <1-65535>}
authentication server <1-6> nac
retry-timeout-factor
<50-200>
Configures the spacing between successive EAP retries
•
<50-200> – Specify a value from 50 - 200. The default is 100.
A value of 100 indicates the interval between two consecutive retires remains the same irrespective of the
number of retries.
A value lesser than 100 indicates the interval between two consecutive retries reduces with each
successive retry.
A value greater than 100 indicates the interval between two consecutive retries increases with each
successive retry.
timeout <1-60>
Configures the interval, in seconds, between successive EAP-identity request sent to a wireless client
•
<1-60> – Specify a value from 1 - 60 seconds.
protocol
[chap|mschap|
mschapv2|pap]
Configures one of the following protocols for non-EAP authentication:
•
chap – Uses Challenge Handshake Authentication Protocol (CHAP)
•
mschap – Uses Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
•
mschapv2 – Uses MS-CHAP version 2
•
pap – Uses Password Authentication Protocol (PAP) (default authentication protocol used)
server <1-6>
Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured.
•
<1-6> – Specify the RADIUS server index from 1 - 6.
dscp <0-63>
Configures the Differentiated Service Code Point (DSCP) quality of service parameter generated in RADIUS
packets. The DSCP value specifies the class of service provided to a packet, and is represented by a 6-bit
parameter in the header of every IP packet. The default is 46.
server <1-6>
Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured.
•
<1-6> – Specify the RADIUS server index from 1 - 6.
host <IP/HOSTNAME>
Sets the RADIUS authentication server’s IP address or hostname
secret
[0 <SECRET>|
2 <SECRET>|
<SECRET>]
Configures the RADIUS authentication server’s secret. This key is used to authenticate with the RADIUS
server.
•
0 <SECRET> – Configures a clear text secret
•
2 <SECRET> – Configures an encrypted secret
•
<SECRET> – Specify the secret key. The shared key should not exceed 127 characters.
port <1-65535>
Optional. Specifies the RADIUS authentication server’s UDP port (this port is used to connect to the
RADIUS server)
•
<1-65535> – Specify a value from 1 - 65535. The default port is 1812.
server <1-6>
Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured.
•
<1-6> – Specify the RADIUS server index from 1 - 6.
nac
Enables Network Access Control (NAC) on the RADIUS authentication server identified by the
<1-6> parameter.
Using NAC, the controller hardware and software grant access to specific network resources. NAC performs
a user and client authorization check for resources that do not have a NAC agent. NAC verifies the client’s
compliance with the controller’s security policy. The controller supports only the EAP/802.1x type of NAC.
However, the controller also provides a means to bypass NAC authentication for client’s that do not have
NAC 802.1x support (printers, phones, PDAs etc.).