Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
1901190219031904190519061907190819091910
1852 FastIron Configuration Guide
53-1002494-02
How multi-device port authentication works
Support for dynamic VLAN assignment
The Brocade multi-device port authentication feature supports dynamic VLAN assignment, where a
port can be placed in one or more VLANs based on the MAC address learned on that interface. For
details about this feature, refer to “Configuring the RADIUS server to support dynamic VLAN
assignment” on page 1859.
Support for dynamic ACLs
The multi-device port authentication feature supports the assignment of a MAC address to a
specific ACL, based on the MAC address learned on the interface. For details about this feature,
refer to “Dynamically applying IP ACLs to authenticated MAC addresses” on page 1861.
Support for authenticating multiple MAC addresses
on an interface
The multi-device port authentication feature allows multiple MAC addresses to be authenticated or
denied authentication on each interface. The maximum number of MAC addresses that can be
authenticated on each interface is limited only by the amount of system resources available on the
Brocade device.
Support for dynamic ARP inspection with dynamic ACLs
NOTE
This feature is not supported on FWS and FCX devices.
Multi-device port authentication and Dynamic ARP Inspection (DAI) are supported in conjunction
with dynamic ACLs. Support is available in the Layer 3 software images only.
DAI is supported together with multi-device port authentication as long as ACL-per-port-per-vlan is
enabled. Otherwise, you do not need to perform any extra configuration steps to enable support
with dynamic ACLs. When these features are enabled on the same port/VLAN, support is
automatically enabled.
Support for DHCP snooping with dynamic ACLs
NOTE
This feature is not supported on FWS and FCX devices.
Multi-device port authentication and DHCP snooping are supported in conjunction with dynamic
ACLs. Support is available in the Layer 3 software images only.
DHCP Snooping is supported together with multi-device port authentication as long as
ACL-per-port-per-vlan is enabled. Otherwise, you do not need to perform any extra configuration
steps to enable support with dynamic ACLs. When these features are enabled on the same
port/VLAN, support is automatically enabled.