Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
1901190219031904190519061907190819091910
FastIron Configuration Guide 1851
53-1002494-02
How multi-device port authentication works
The request for authentication from the RADIUS server is successful only if the username and
password provided in the request matches an entry in the users database on the RADIUS server.
When this happens, the RADIUS server returns an Access-Accept message back to the Brocade
device. When the RADIUS server returns an Access-Accept message for a MAC address, that MAC
address is considered authenticated, and traffic from the MAC address is forwarded normally by
the Brocade device.
Authentication-failure actions
If the MAC address does not match the username and password of an entry in the users database
on the RADIUS server, then the RADIUS server returns an Access-Reject message. When this
happens, it is considered an authentication failure for the MAC address. When an authentication
failure occurs, the Brocade device can either drop traffic from the MAC address in hardware (the
default), or move the port on which the traffic was received to a restricted VLAN.
Supported RADIUS attributes
Brocade devices support the following RADIUS attributes for multi-device port authentication:
Username (1) – RFC 2865
NAS-IP-Address (4) – RFC 2865
NAS-Port (5) – RFC 2865
Service-Type (6) – RFC 2865
FilterId (11) – RFC 2865
Framed-MTU (12) – RFC 2865
State (24) – RFC 2865
Vendor-Specific (26) – RFC 2865
Session-Timeout (27) – RFC 2865
Termination-Action (29) – RFC 2865
Calling-Station-ID (31) – RFC 2865
NAS-Port-Type (61) – RFC 2865
Tunnel-Type (64) – RFC 2868
Tunnel-Medium-Type (65) – RFC 2868
EAP Message (79) – RFC 2579
Message-Authenticator (80) RFC 3579
Tunnel-Private-Group-Id (81) – RFC 2868
NAS-Port-id (87) – RFC 2869