Configuration Guide User guide
FastIron Configuration Guide 1789
53-1002494-02
Chapter
43
802.1X Port Security
Table 294 lists individual Brocade switches and the 802.1X port security features they support.
These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software
images, except where explicitly noted.
IETF RFC support
Brocade FastIron devices support the IEEE 802.1X standard for authenticating devices attached to
LAN ports. Using 802.1X port security, you can configure a FastIron device to grant access to a port
based on information supplied by a client to an authentication server.
When a user logs on to a network that uses 802.1X port security, the Brocade device grants (or
does not grant) access to network services after the user is authenticated by an authentication
server. The user-based authentication in 802.1X port security provides an alternative to granting
network access based on a user IP address, MAC address, or subnetwork.
The Brocade implementation of 802.1X port security supports the following RFCs:
• RFC 2284 PPP Extensible Authentication Protocol (EAP)
• RFC 2865 Remote Authentication Dial In User Service (RADIUS)
• RFC 2869 RADIUS Extensions
TABLE 294 Supported 802.1X port security features
Feature FESX
FSX 800
FSX 1600
FWS FCX ICX 6610 ICX 6430
ICX 6450
802.1X port security Yes Yes Yes Yes Yes
Multiple host authentication Yes Yes Yes Yes Yes
EAP pass-through support Yes Yes Yes Yes Yes
802.1X accounting Yes Yes Yes Yes Yes
802.1X dynamic assignment for ACL, MAC
address filter, and VLAN
Yes Yes Yes Yes Yes
Automatic removal of Dynamic VLAN for
802.1X ports
Yes Yes Yes Yes Yes
RADIUS timeout action Yes Yes Yes Yes Yes
802.1X and multi-device port
authentication on the same port
Yes Yes Yes Yes Yes
802.1X and sFlow
• 802.1X username export support for
encrypted and non-encrypted EAP
types
Yes Yes Yes Yes Yes