Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

xliv FastIron Configuration Guide

53-1002494-02

CPU rate-limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1787

Chapter 43 802.1X Port Security

IETF RFC support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1789

How 802.1X port security works . . . . . . . . . . . . . . . . . . . . . . . . . .1790

Device roles in an 802.1X configuration . . . . . . . . . . . . . . . .1790

Communication between the devices . . . . . . . . . . . . . . . . . .1791

Controlled and uncontrolled ports . . . . . . . . . . . . . . . . . . . . .1791

Message exchange during authentication . . . . . . . . . . . . . . .1793

Authenticating multiple hosts connected to the same port .1795

802.1X port security and sFlow . . . . . . . . . . . . . . . . . . . . . . .1798

802.1X accounting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1799

802.1X port security configuration . . . . . . . . . . . . . . . . . . . . . . . .1799

Configuring an authentication method list for 802.1X . . . . 1800

Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . 1800

Dynamic VLAN assignment for 802.1X port configuration . 1802

Dynamically applying IP ACLs and MAC address filters

to 802.1X ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1806

Enabling 802.1X port security. . . . . . . . . . . . . . . . . . . . . . . . .1810

Setting the port control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1810

Configuring periodic re-authentication . . . . . . . . . . . . . . . . . 1811

Re-authenticating a port manually . . . . . . . . . . . . . . . . . . . . 1812

Setting the quiet period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1812

Specifying the wait interval and number of EAP-request/

identity frame retransmissions from the Brocade device. . 1812

Wait interval and number of EAP-request/

identity frame retransmissions from the RADIUS server . . 1813

Specifying a timeout for retransmission of messages

to the authentication server . . . . . . . . . . . . . . . . . . . . . . . . . .1814

Initializing 802.1X on a port . . . . . . . . . . . . . . . . . . . . . . . . . .1814

Allowing access to multiple hosts . . . . . . . . . . . . . . . . . . . . . 1815

MAC address filters for EAP frames . . . . . . . . . . . . . . . . . . . .1817

Configuring VLAN access for non-EAP-capable clients . . . . 1818

802.1X accounting configuration. . . . . . . . . . . . . . . . . . . . . . . . . 1818

802.1X Accounting attributes for RADIUS . . . . . . . . . . . . . . 1819

Enabling 802.1X accounting. . . . . . . . . . . . . . . . . . . . . . . . . 1819

Displaying 802.1X information. . . . . . . . . . . . . . . . . . . . . . . . . . . 1821

Displaying 802.1X configuration information . . . . . . . . . . . 1821

Displaying 802.1X statistics . . . . . . . . . . . . . . . . . . . . . . . . . 1824

Clearing 802.1X statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 1825

Displaying dynamically-assigned VLAN information . . . . . . 1825

Displaying information about dynamically applied

MAC address filters and IP ACLs. . . . . . . . . . . . . . . . . . . . . . 1826

Displaying 802.1X multiple-host

authentication information . . . . . . . . . . . . . . . . . . . . . . . . . . 1829

Sample 802.1X configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . 1833

Point-to-point configuration. . . . . . . . . . . . . . . . . . . . . . . . . . 1833

Hub configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1834

802.1X Authentication with dynamic VLAN assignment . . . 1835