Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
1871187218731874187518761877187818791880
1818 FastIron Configuration Guide
53-1002494-02
802.1X accounting configuration
Creating MAC address filters for EAPS on most devices
For example, the following command creates a MAC address filter that denies frames with the
destination MAC address of 0180.c200.0003, which is the 802.1X group MAC address on the
Brocade device.
Brocade(config)#mac filter 1 deny any 0180.c200.0003 ffff.ffff.ffff
The following commands apply this filter to interface e 3/1.
Brocade(config)#interface e 3/11
Brocade(config-if-3/1)#mac filter-group 1
Refer to “Defining MAC address filters” on page 1857 for more information.
Configuring VLAN access for non-EAP-capable clients
You can configure the Brocade device to grant "guest" or restricted VLAN access to clients that do
not support Extensible EAP. The restricted VLAN limits access to the network or applications,
instead of blocking access to these services altogether.
When the Brocade device receives the first packet (non-EAP packet) from a client, the device waits
for 10 seconds or the amount of time specified with the timeout restrict-fwd-period command. If
the Brocade device does not receive subsequent packets after the timeout period, the device
places the client on the restricted VLAN.
This feature is disabled by default. To enable this feature and change the timeout period, enter
commands such as the following.
Brocade(config)#dot1x-enable
Brocade(config-dot1x)#restrict-forward-non-dot1x
Brocade(config-dot1x)#timeout restrict-fwd-period 15
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
Syntax: timeout restrict-fwd-period <num>
The <num> parameter is a value from 0 to 4294967295. The default value is 10.
802.1X accounting configuration
802.1X accounting enables the recording of information about 802.1X clients who were
successfully authenticated and allowed access to the network. When 802.1X accounting is
enabled on the Brocade device, it sends the following information to a RADIUS server whenever an
authenticated 802.1X client (user) logs into or out of the Brocade device:
The user name
The session ID
The user MAC address
The authenticating physical port number