
FastIron Configuration Guide 1799
53-1002494-02
802.1X accounting
When 802.1X port security is enabled on the Brocade device, you can enable 802.1X accounting.
This feature enables the Brocade device to log information on the RADIUS server about
authenticated 802.1X clients. The information logged on the RADIUS server includes the 802.1X
client session ID, MAC address, and authenticating physical port number.
802.1X accounting works as follows.
1. A RADIUS server successfully authenticates an 802.1X client.
2. If 802.1X accounting is enabled, the Brocade device sends an 802.1X Accounting Start packet
to the RADIUS server, indicating the start of a new session.
3. The RADIUS server acknowledges the Accounting Start packet.
4. The RADIUS server records information about the client.
5. When the session is concluded, the Brocade device sends an Accounting Stop packet to the
RADIUS server, indicating the end of the session.
6. The RADIUS server acknowledges the Accounting Stop packet.
To enable 802.1X accounting, refer to “802.1X accounting configuration” on page 1818.
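
The six-step exchange above, sketched as an added example (not Brocade code or part of the original guide). It uses the RFC 2866 packet layout and authenticator calculation. Mapping the logged session ID, MAC address, and port number to Acct-Session-Id, Calling-Station-Id, and NAS-Port is an assumption, and all sample values are constructed.

```python
import hashlib, hmac, struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5  # RFC 2866 packet codes
STATUS = {1: "Start", 2: "Stop"}    # Acct-Status-Type values
# Attribute type -> (record field, decoder); this mapping is an assumption.
FIELDS = {40: ("status", lambda v: STATUS.get(int.from_bytes(v, "big"), "Other")),
          44: ("session_id", bytes.decode),   # Acct-Session-Id
          31: ("mac", bytes.decode),          # Calling-Station-Id
          5: ("port", lambda v: int.from_bytes(v, "big"))}  # NAS-Port

def _attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def build_request(secret, ident, status, session_id, mac, port):
    """Authenticator side (steps 2 and 5): Accounting-Request for Start/Stop."""
    attrs = (_attr(40, status.to_bytes(4, "big")) + _attr(44, session_id.encode())
             + _attr(31, mac.encode()) + _attr(5, port.to_bytes(4, "big")))
    head = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    return head + hashlib.md5(head + bytes(16) + attrs + secret).digest() + attrs

def handle_request(secret, pkt):
    """Server side (steps 3, 4, 6): verify, record the client, build the ack."""
    length = struct.unpack("!H", pkt[2:4])[0] if len(pkt) >= 20 else 0
    if pkt[:1] != bytes([ACCT_REQUEST]) or not 20 <= length <= len(pkt):
        raise ValueError("not a well-formed Accounting-Request")
    pkt = pkt[:length]  # octets past the Length field are padding
    ident, auth, attrs = pkt[1], pkt[4:20], pkt[20:]
    expected = hashlib.md5(pkt[:4] + bytes(16) + attrs + secret).digest()
    if not hmac.compare_digest(auth, expected):
        raise ValueError("bad Request Authenticator: wrong secret or altered packet")
    record, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or not 2 <= attrs[i + 1] <= len(attrs) - i:
            raise ValueError("malformed attribute")
        atype, alen = attrs[i], attrs[i + 1]
        if atype in FIELDS:
            name, decode = FIELDS[atype]
            record[name] = decode(attrs[i + 2:i + alen])
        i += alen
    head = struct.pack("!BBH", ACCT_RESPONSE, ident, 20)
    # Response Authenticator = MD5(header + Request Authenticator + secret)
    return record, head + hashlib.md5(head + auth + secret).digest()

if __name__ == "__main__":  # constructed sample values: one Start, one Stop
    for ident, status in ((1, 1), (2, 2)):
        pkt = build_request(b"constructed-secret", ident, status, "0000002A", "00-11-22-33-44-55", 3)
        print(handle_request(b"constructed-secret", pkt)[0])
```

A request whose authenticator does not verify is rejected before any attribute is recorded, so accounting records cannot be forged or altered without the shared secret.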
802.1X port security configuration
Configuring 802.1X port security on a Brocade device consists of the following tasks.
1. Configure the device interaction with the Authentication Server:
   - “Configuring an authentication method list for 802.1X” on page 1800
   - “Setting RADIUS parameters” on page 1800
   - “Dynamic VLAN assignment for 802.1X port configuration” on page 1802 (optional)
   - “Dynamically applying IP ACLs and MAC address filters to 802.1X ports” on page 1806
2. Configure the device role as the Authenticator:
   - “Enabling 802.1X port security” on page 1810
   - “Initializing 802.1X on a port” on page 1814 (optional)
3. Configure the device interaction with Clients:
   - “Configuring periodic re-authentication” on page 1811 (optional)
   - “Re-authenticating a port manually” on page 1812 (optional)
   - “Setting the quiet period” on page 1812 (optional)
   - “Setting the wait interval for EAP frame retransmissions” on page 1813 (optional)
   - “Setting the maximum number of EAP frame retransmissions” on page 1813 (optional)
   - “Specifying a timeout for retransmission of messages to the authentication server” on page 1814 (optional)
   - “Allowing access to multiple hosts” on page 1815 (optional)
   - “MAC address filters for EAP frames” on page 1817 (optional)