Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual

ManualsBrandsBrocade ManualsComputer AccessoriesMobility RFS Controller CLI

851

852

853

854

855

856

857

858

859

860

840 Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

authentication protocol [chap|mschap|mschapv2|pap]

authentication server <1-6> dscp <0-63>

authentication server <1-6> host <IP/HOSTNAME> secret [0 <SECRET>|2 <SECRET>|

<SECRET>] {port <1-65535>}

authentication server <1-6> nac

retry-timeout-factor

<50-200>

Configures the spacing between successive EAP retries

• <50-200> – Specify a value from 50 - 200. The default is 100.

A value of 100 indicates the interval between two consecutive retires remains the same irrespective of the

number of retries.

A value lesser than 100 indicates the interval between two consecutive retries reduces with each

successive retry.

A value greater than 100 indicates the interval between two consecutive retries increases with each

successive retry.

timeout <1-60> Configures the interval, in seconds, between successive EAP-identity request sent to a wireless client

• <1-60> – Specify a value from 1 - 60 seconds.

protocol

[chap|mschap|

mschapv2|pap]

Configures one of the following protocols for non-EAP authentication:

• chap – Uses Challenge Handshake Authentication Protocol (CHAP)

• mschap – Uses Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

• mschapv2 – Uses MS-CHAP version 2

• pap – Uses Password Authentication Protocol (PAP) (default authentication protocol used)

server <1-6> Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured.

• <1-6> – Specify the RADIUS server index from 1 - 6.

dscp <0-63> Configures the Differentiated Service Code Point (DSCP) quality of service parameter generated in RADIUS

packets. The DSCP value specifies the class of service provided to a packet, and is represented by a 6-bit

parameter in the header of every IP packet. The default is 46.

server <1-6> Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured.

• <1-6> – Specify the RADIUS server index from 1 - 6.

host <IP/HOSTNAME> Sets the RADIUS authentication server’s IP address or hostname

secret

[0 <SECRET>|

2 <SECRET>|

<SECRET>]

Configures the RADIUS authentication server’s secret. This key is used to authenticate with the RADIUS

server.

• 0 <SECRET> – Configures a clear text secret

• 2 <SECRET> – Configures an encrypted secret

• <SECRET> – Specify the secret key. The shared key should not exceed 127 characters.

port <1-65535> Optional. Specifies the RADIUS authentication server’s UDP port (this port is used to connect to the

RADIUS server)

• <1-65535> – Specify a value from 1 - 65535. The default port is 1812.

server <1-6> Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured.

• <1-6> – Specify the RADIUS server index from 1 - 6.

nac Enables Network Access Control (NAC) on the RADIUS authentication server identified by the

<1-6> parameter.

Using NAC, the controller hardware and software grant access to specific network resources. NAC performs

a user and client authorization check for resources that do not have a NAC agent. NAC verifies the client’s

compliance with the controller’s security policy. The controller supports only the EAP/802.1x type of NAC.

However, the controller also provides a means to bypass NAC authentication for client’s that do not have

NAC 802.1x support (printers, phones, PDAs etc.).