Radius deployment considerations, Smart caching – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
5. Set the following Access address information required for the connection to the external LDAP
server resource:
6. Set the following Attributes for LDAP groups to optimally refine group queries:
7. Click the OK button to save the changes to the LDAP server configuration. Select Reset to
revert to the last saved configuration.
RADIUS Deployment Considerations
Before defining the RADIUS server configuration, refer to the following deployment guidelines to
ensure the configuration is optimally effective:
• Brocade recommends each RADIUS client use a different shared secret. If a shared secret is
compromised, only the one client poses a risk, as opposed to all the additional clients that
potentially share the secret password.
• Consider using an LDAP server as a database of user credentials that can be used optionally
with the RADIUS server to free up resources and manage user credentials from a secure
remote location.
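The shared secret guideline above can be checked against an exported client list. The following is an added example, not part of the Brocade guide or its software: it groups clients that reuse a secret and reports them under a per-run keyed tag so the secret itself never reaches a report. The "name,address,secret" inventory format, the sample entries and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory, one "name,address,secret" entry per line.
# This format is an assumption for the example, not the controller's syntax.
SAMPLE_INVENTORY = """\
# name,address,secret
ap-floor1,192.0.2.10,Wint3r-Lobby-77
ap-floor2,192.0.2.11,Wint3r-Lobby-77
switch-core,192.0.2.20,q9!Lf2,core-Zx
vpn-gw,192.0.2.30,Wint3r-Lobby-77
guest-portal,192.0.2.40,portal-7hG#21
"""


def parse_inventory(text):
    """Return (name, address, secret) tuples, skipping blanks and comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",", 2)  # only two splits: a secret may contain commas
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"line {lineno}: expected name,address,secret")
        entries.append(tuple(parts))
    return entries


def find_shared_secrets(text):
    """Return [(tag, [client names])] for each secret used by more than one client."""
    key = secrets.token_bytes(32)  # per-run key, so a tag cannot be matched offline
    groups = defaultdict(list)
    for name, _address, secret in parse_inventory(text):
        digest = hmac.new(key, secret.encode(), hashlib.sha256).hexdigest()
        groups[digest].append(name)  # group on the full digest, never the secret
    reused = [(d[:12], sorted(n)) for d, n in groups.items() if len(n) > 1]
    return sorted(reused, key=lambda item: (-len(item[1]), item[1]))


def exposed_if_leaked(text, client):
    """Return the other clients put at risk if this client's secret is compromised."""
    for _tag, names in find_shared_secrets(text):
        if client in names:
            return [n for n in names if n != client]
    return []


if __name__ == "__main__":
    for tag, names in find_shared_secrets(SAMPLE_INVENTORY):
        print(f"secret {tag} is shared by {len(names)} clients: {', '.join(names)}")
```

An empty result from `find_shared_secrets` means every client in the inventory has its own secret, which is the state the guideline asks for.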
Smart Caching
Smart Caching is used on NX4500 and NX6500 series service platforms to temporarily store
frequently accessed Web content (Web pages, graphics, audio and video files etc.) on network
infrastructure devices. When this content is requested, it is retrieved from a local content cache and
not from the origin server. Smart caching results in reduced bandwidth usage, lower latency
periods and reduced data transfers from the origin servers. Both forward caching and transparent
caching are supported.
Bind DN
Specify the distinguished name to bind with the LDAP server. The DN is the name that uniquely
identifies an entry in the LDAP directory. A DN is made up of attribute value pairs, separated by
commas.
Base DN
Specify a distinguished name (DN) that establishes the base object for the search. The base
object is the point in the LDAP tree at which to start searching. LDAP DNs begin with the most
specific attribute (usually some sort of name), and continue with progressively broader
attributes, often ending with a country attribute. The first component of the DN is referred to as
the Relative Distinguished Name (RDN). It identifies an entry distinctly from any other entries
that have the same parent.
Bind Password
Enter a valid password for the LDAP server. Select the Show checkbox to expose the password’s
actual character string. Leaving the option unselected displays the password as a string of
asterisks (*). The password cannot exceed 32 characters.
Password Attribute
Enter the LDAP server password attribute. The password cannot exceed 64 characters.
Group Attribute
LDAP systems have the facility to poll dynamic groups. In an LDAP dynamic group, an
administrator can specify search criteria. All users matching the search criteria are considered
a member of this dynamic group. Specify a group attribute used by the LDAP server. An attribute
could be a group name, group ID, password or group membership name.
Group Filter
Specify the group filters used by the LDAP server. This filter is typically used for security
role-to-group assignments and specifies the property to look up groups in the directory service.
Group Membership Attribute
Specify the group member attribute sent to the LDAP server when authenticating users.