beautypg.com

EAP pass-through support – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 176


NOTE
IP MTU cannot be configured globally.

EAP pass-through support

EAP pass-through is supported on FastIron devices that have 802.1X enabled. EAP pass-through
support is fully compliant with RFC 3748, in which, by default, compliant pass-through authenticator
implementations forward EAP challenge request packets of any type, including those listed in the
previous section.

Configuration notes for setting the IP MTU size

If the 802.1X supplicant or authentication server will be sending packets that are greater than 1500
MTU, you should configure the device to accommodate a larger buffer size, in order to reduce
problems during initial setup. Refer to the FastIron Ethernet Switch Layer 3 Routing Configuration
Guide.

Support for RADIUS user-name attribute in access-accept messages

Brocade 802.1X-enabled ports support the RADIUS user-name (type 1) attribute in the Access-Accept
message returned during 802.1X authentication.

This feature is useful when the client/supplicant does not provide its user-name in the
EAP-response/identity frame, and the user-name is key to providing useful information. For example,
when the user-name attribute is sent in the Access-Accept message, it is then available for display
in sFlow sample messages sent to a collector, and in the output of some show dot1x CLI commands,
such as show dot1x mac-sessions.

This same information is sent as the "user-name" attribute of RADIUS accounting messages, and is
sent to the RADIUS accounting servers.

To enable this feature, add the following attribute on the RADIUS server.

Attribute name    Type    Value
user-name         1       name (string)
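
An added example, not from the Brocade guide: a Python check for a captured Access-Accept that confirms the reply is authentic and actually carries the user-name (type 1) attribute. The packet layout and Response Authenticator calculation follow RFC 2865; the function names, shared secret and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
USER_NAME = 1       # RFC 2865 attribute type 1

def parse_attributes(data):
    """Walk the type/length/value attribute list, rejecting malformed lengths."""
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > len(data):
            raise ValueError("bad attribute length")
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def user_name_from_accept(packet, request_auth, secret):
    """Return User-Name from a verified Access-Accept, or None if it is absent."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]  # bytes beyond the Length field are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    for a_type, value in parse_attributes(packet[20:]):
        if a_type == USER_NAME:
            return value.decode("utf-8", errors="replace")
    return None

def build_accept(ident, request_auth, secret, attrs):
    """Build a constructed Access-Accept so the check can run offline."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body

SECRET = b"example-secret"     # constructed shared secret
REQ_AUTH = bytes(range(16))    # constructed Request Authenticator

if __name__ == "__main__":
    pkt = build_accept(7, REQ_AUTH, SECRET, [(27, b"\x00\x00\x0e\x10"), (1, b"alice")])
    print(user_name_from_accept(pkt, REQ_AUTH, SECRET))
```

A return value of None means the server accepted the session without sending user-name, so the switch has no user-name to show in sFlow samples, show dot1x mac-sessions output, or accounting messages.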

Authenticating multiple hosts connected to the same port

Brocade devices support 802.1X authentication for ports with more than one host connected to them.
The following figure illustrates a sample configuration where multiple hosts are connected to a single
802.1X port.


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03