AAA TACACS Policy – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual



53-1003100-01


15. Set the following RADIUS server configuration parameters:

16. Select OK to save the updates. Select Reset to revert to last saved configuration.

AAA TACACS Policy

Network configuration

Terminal Access Controller Access-Control System+ (TACACS+) is a protocol created by Cisco
Systems that provides access control to network devices such as routers, network access servers
and other networked computing devices through one or more centralized servers. TACACS+
provides separate authentication, authorization, and accounting services running on different
servers.

Protocol for MAC, Captive-Portal Authentication

Set the authentication protocol when the server is used for any non-EAP authentication. Options
include Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol
(CHAP), MSCHAP and MSCHAP-V2. The default setting is PAP.

Accounting Packet Type

Set the type of RADIUS Accounting Request packets generated. Options include Stop Only,
Start/Stop and Start/Interim/Stop. The default setting is Start/Stop.

Request Interval

Set the periodicity of the interim accounting requests. The default is 30 minutes.

Accounting Server Preference

Select the server preference for RADIUS Accounting. The options are:

Prefer Same Authentication Server Host - Uses the authentication server hostname as the
host used for RADIUS accounting. This is the default setting.

Prefer Same Authentication Server Index - Uses the same index as the authentication server
for RADIUS accounting.

Select Accounting Server Independently - Allows users to specify a RADIUS accounting server
separate from the RADIUS authentication server.

Format

Select the format of the MAC address used in the RADIUS accounting packets.

Case

Lists whether the MAC address is sent using uppercase or lowercase letters. The default setting is
uppercase.

Attributes

Lists whether the format specified applies only to the user name/password in mac-auth or to all
attributes that include a MAC address, such as calling-station-id or called-station-id.

Server Pooling Mode

Controls how requests are transmitted across RADIUS servers. Failover implies traversing the list of
servers if any server is unresponsive. Load Balanced uses all servers in a round-robin fashion. The
default setting is Failover.

Client Attempts

Defines the number of times (1 - 10) an EAP request is transmitted to a wireless client before giving
up. The default setting is 3.

Request Timeout

Defines the time after which an EAP Request to a wireless client is retried.

ID Request Timeout

Defines the time (1 - 60 seconds) after which an EAP ID Request to a wireless client is retried. The
default setting is 30 seconds.

Retransmission Scale Factor

Configures the scaling of the retransmission attempts. The timeout at each attempt is a function of
the request timeout factor and the client attempts number. 100 (the default setting) implies a
constant timeout at each retry. Smaller values indicate more aggressive (shorter) timeouts; larger
values indicate more conservative (longer) timeouts on each successive attempt.

Cisco VSA Audit Session Id

Configures a vendor-specific attribute (VSA) for Cisco that allows Cisco's Identity Services Engine
(ISE) to validate a client's compliance with the network's policies, such as the validity of the virus
definition files for the antivirus software or the definition files for anti-spyware software.
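
The two Server Pooling Mode options described above can be compared with a small model. This is an added example, not code from the access point software: the server names are constructed, and it assumes that an unresponsive server costs one timeout per request and that Load Balanced moves on to the next server in rotation when the selected one does not answer.

```python
# Added illustration: a model of the two Server Pooling Mode options.
# Server names are constructed; no dead-server caching is assumed.

class ServerPool:
    def __init__(self, servers, mode="failover"):
        if mode not in ("failover", "load-balanced"):
            raise ValueError(f"unknown pooling mode: {mode}")
        self.servers = list(servers)
        self.mode = mode
        self._cursor = 0  # round-robin position (load-balanced only)

    def try_order(self):
        """Order in which servers are tried for one request."""
        if self.mode == "failover":
            return list(self.servers)  # always start at the first server
        start = self._cursor
        self._cursor = (self._cursor + 1) % len(self.servers)
        return self.servers[start:] + self.servers[:start]

    def send(self, responsive):
        """Return (answering server or None, servers that timed out first)."""
        timed_out = []
        for server in self.try_order():
            if server in responsive:
                return server, timed_out
            timed_out.append(server)
        return None, timed_out


def simulate(mode, servers, down, requests):
    """Count answered requests per server and total timeouts incurred."""
    pool = ServerPool(servers, mode)
    responsive = set(servers) - set(down)
    answered = {s: 0 for s in servers}
    timeouts = 0
    for _ in range(requests):
        server, timed_out = pool.send(responsive)
        timeouts += len(timed_out)
        if server is not None:
            answered[server] += 1
    return answered, timeouts


SERVERS = ["radius-a", "radius-b", "radius-c"]  # constructed names

if __name__ == "__main__":
    for mode in ("failover", "load-balanced"):
        for down in ([], ["radius-a"]):
            print(mode, "down:", down, simulate(mode, SERVERS, down, 6))
```

With the first server down, Failover in this model sends every request to the second server after one timeout each, while Load Balanced spreads requests over the remaining servers and only pays a timeout when the rotation lands on the dead one.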
