Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesBigIron RX Series

1121

1052 BigIron RX Series Configuration Guide

53-1002484-04

802.1x port security and sFlow

• If a Client has been denied access to the network (that is, the Client’s

dot1x-mac-session is set to “access-denied”), then you can cause the Client to be

re-authenticated by manually disconnecting the Client from the network, or by using

the clear dot1x mac-session command. Refer to “Clearing a dot1x-mac-session for a

MAC address” on page 1064 for information on this command.

• When a Client has been denied access to the network, its dot1x-mac-session is aged

out if no traffic is received from the Client’s MAC address over a fixed hardware aging

period (70 seconds), plus a configurable software aging period. You can optionally

change the software aging period for dot1x-mac-sessions or disable aging altogether.

After the denied Client’s dot1x-mac-session is aged out, traffic from that Client is no

longer blocked, and the Client can be re-authenticated.

802.1x port security and sFlow

sFlow is a system for observing traffic flow patterns and quantities within and among a set of the

BigIron RX devices. sFlow works by taking periodic samples of network data and exporting this

information to a collector.

When you enable sFlow forwarding on an 802.1x-enabled interface, the samples taken from the

interface include the user name string at the inbound or outbound port, if that information is

available.

Configuring 802.1x port security

Configuring 802.1x port security on a BigIron RX consists of the following tasks.

1. Configuring the BigIron RX device’s interaction with the Authentication Server:

• “Configuring an authentication method list for 802.1x” on page 1053

• “Setting RADIUS parameters” on page 1053

• “Configuring dynamic VLAN assignment for 802.1x ports” on page 1054 (optional)

2. Configuring the BigIron RX’s role as the Authenticator:

• “Enabling 802.1x port security” on page 1059

• “Initializing 802.1x on a port” on page 1063 (optional)

3. Configuring the BigIron RX device’s interaction with Clients:

• “Configuring periodic re-authentication” on page 1060 (optional)

• “Re-authenticating a port manually” on page 1061 (optional)

• “Setting the quiet period” on page 1061 (optional)

• “Setting the interval for retransmission of EAP-request/ identity frames” on page 1061

(optional)

• “Specifying the number of EAP-request/identity frame retransmissions” on page 1062

(optional)

• “Specifying a timeout for retransmission of EAP-request frames to the client” on

page 1062 (optional)

• “Allowing multiple 802.1x clients to authenticate” on page 1063 (optional)