Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
1861186218631864186518661867186818691870
1810 FastIron Configuration Guide
53-1002494-02
802.1X port security configuration
Enabling 802.1X port security
By default, 802.1X port security is disabled on Brocade devices. To enable the feature on the
device and enter the dot1x configuration level, enter the following command.
Brocade(config)#dot1x-enable
Brocade(config-dot1x)#
Syntax: [no] dot1x-enable
At the dot1x configuration level, you can enable 802.1X port security on all interfaces at once, on
individual interfaces, or on a range of interfaces.
For example, to enable 802.1X port security on all interfaces on the device, enter the following
command.
Brocade(config-dot1x)#enable all
Syntax: [no] enable all
To enable 802.1X port security on interface 3/11, enter the following command.
Brocade(config-dot1x)#enable ethernet 3/11
Syntax: [no] enable ethernet <port>
Specify the port variable in one of the following formats:
FWS, FCX, and ICX stackable switches – stack-unit/slotnum/portnum
FSX 800 and FSX 1600 chassis devices – slotnum/portnum
ICX devices – slotnum/portnum
FESX compact switches – portnum
To enable 802.1X port security on interfaces 3/11 through 3/16, enter the following command.
Brocade(config-dot1x)#enable ethernet 3/11 to 3/16
Syntax: [no] enable ethernet <port> to <port>
Specify the port variable in one of the following formats:
FWS, FCX, and ICX stackable switches – stack-unit/slotnum/portnum
FSX 800 and FSX 1600 chassis devices – slotnum/portnum
ICX devices – slotnum/portnum
FESX compact switches – portnum
Setting the port control
To activate authentication on an 802.1X-enabled interface, you specify the kind of port control to
be used on the interface. An interface used with 802.1X port security has two virtual access
points: a controlled port and an uncontrolled port:
The controlled port can be either the authorized or unauthorized state. In the authorized state,
it allows normal traffic to pass between the Client and the Authenticator. In the unauthorized
state, no traffic is allowed to pass.
The uncontrolled port allows only EAPOL traffic between the Client and the Authentication
Server.
Refer to Figure 190 for an illustration of this concept.