FastIron Configuration Guide 1869
53-1002494-02
Multi-device port authentication configuration
You can control port behavior when a RADIUS timeout occurs by configuring a port on the
Brocade device to automatically pass or fail user authentication. A pass bypasses the
authentication process and permits user access to the network. A fail bypasses the authentication
process and blocks user access to the network, unless restrict-vlan is configured, in which case
the user is placed into a VLAN with restricted or limited access. By default, the Brocade device
resets the authentication process and retries authenticating the user.
Specify the RADIUS timeout action at the Interface level of the CLI.
Permit user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass multi-device port authentication and permit user
access to the network, enter commands such as the following.
Brocade(config)#interface ethernet 1/3
Brocade(config-if-e100-1/3)#mac-authentication auth-timeout-action success
Syntax: [no] mac-authentication auth-timeout-action success
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
Deny user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass multi-device port authentication and block user
access to the network, enter commands such as the following.
Brocade(config)#interface ethernet 1/3
Brocade(config-if-e100-1/3)#mac-authentication auth-timeout-action failure
Syntax: [no] mac-authentication auth-timeout-action failure
Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
NOTE
If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a
VLAN with restricted or limited access. Refer to “Allow user access to a restricted VLAN after a
RADIUS timeout” on page 1869.
Allow user access to a restricted VLAN after a RADIUS timeout
To set the RADIUS timeout behavior to bypass multi-device port authentication and place the user
in a VLAN with restricted or limited access, enter commands such as the following.
Brocade(config)#interface ethernet 1/3
Brocade(config-if-e100-1/3)#mac-authentication auth-fail-action restrict-vlan 100
Brocade(config-if-e100-1/3)#mac-authentication auth-timeout-action failure
Syntax: [no] mac-authentication auth-fail-action restrict-vlan [<vlan-id>]
Syntax: [no] mac-authentication auth-timeout-action failure
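
Added example (not from the guide or from Brocade): a Python audit that reads interface configuration text and reports what each port does after a RADIUS timeout, listing the ports set to success, where a RADIUS outage grants access without authentication. The function names, the sample configuration, and the assumption that the last auth-timeout-action command entered on a port takes effect are illustrative.

```python
import re

IFACE = re.compile(r"^interface ethernet (\S+)$")
TIMEOUT = re.compile(r"^(no )?mac-authentication auth-timeout-action (success|failure)$")
RESTRICT = re.compile(r"^(no )?mac-authentication auth-fail-action restrict-vlan(?: (\d+))?$")

def timeout_behavior(config_text):
    """Return {port: behavior after a RADIUS timeout} for each interface block."""
    ports, cur = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "!":                      # end of an interface block
            cur = None
        elif (m := IFACE.match(line)):
            cur = ports.setdefault(m.group(1), {"action": "retry", "vlan": None})
        elif cur is not None and (m := TIMEOUT.match(line)):
            # The "no" form resets to the default (retry); assumed: last command wins.
            cur["action"] = "retry" if m.group(1) else m.group(2)
        elif cur is not None and (m := RESTRICT.match(line)):
            cur["vlan"] = None if m.group(1) else (m.group(2) or "id-not-given")
    out = {}
    for port, st in ports.items():
        if st["action"] == "success":
            out[port] = "permit"             # fail-open: access without authentication
        elif st["action"] == "failure":
            out[port] = f"restrict-vlan {st['vlan']}" if st["vlan"] else "block"
        else:
            out[port] = "retry"              # default: authentication restarts
    return out

def fail_open_ports(config_text):
    return [p for p, b in timeout_behavior(config_text).items() if b == "permit"]

# Constructed sample configuration (not from the guide).
SAMPLE = """\
interface ethernet 1/1
 mac-authentication auth-fail-action restrict-vlan 100
!
interface ethernet 1/2
 mac-authentication auth-timeout-action success
!
interface ethernet 1/3
 mac-authentication auth-fail-action restrict-vlan 100
 mac-authentication auth-timeout-action failure
!
interface ethernet 1/4
 mac-authentication auth-timeout-action failure
"""
print(timeout_behavior(SAMPLE), "fail-open:", fail_open_ports(SAMPLE))
```

Port 1/1 shows that restrict-vlan alone leaves the timeout behavior at the default retry; the restricted VLAN applies after a timeout only when auth-timeout-action failure is also set, as on port 1/3.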