beautypg.com

1x port security and sflow, 1x accounting, 1x port security configuration – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 180: 1x port security and sflow 802.1x accounting

background image

period ends, the denied Client's dot1x-mac-session ages out, and the Client can be authenticated
again.

802.1X port security and sFlow

sFlow is a standards-based protocol that allows network traffic to be sampled at a user-defined rate for
the purpose of monitoring traffic flow patterns and identifying packet transfer rates on user-specified
interfaces.

When you enable sFlow forwarding on an 802.1X-enabled interface, the samples taken from the
interface include the user name string at the inbound or outbound port, or both, if that information is
available.

For more information on sFlow, refer to chapter "Network Monitoring" in the FastIron Ethernet Switch
Administration Guide .

802.1X accounting

When 802.1X port security is enabled on the Brocade device, you can enable 802.1X accounting. This
feature enables the Brocade device to log information on the RADIUS server about authenticated
802.1X clients. The information logged on the RADIUS server includes the 802.1X client session ID,
MAC address, and authenticating physical port number.

802.1X accounting works as follows.

1. A RADIUS server successfully authenticates an 802.1X client.
2. If 802.1X accounting is enabled, the Brocade device sends an 802.1X Accounting Start packet to

the RADIUS server, indicating the start of a new session.

3. The RADIUS server acknowledges the Accounting Start packet.
4. The RADIUS server records information about the client.
5. When the session is concluded, the Brocade device sends an Accounting Stop packet to the

RADIUS server, indicating the end of the session.

6. The RADIUS server acknowledges the Accounting Stop packet.

To enable 802.1X accounting, refer to

802.1X accounting configuration

on page 199.

802.1X port security configuration

Configuring 802.1X port security on a Brocade device consists of the following tasks.

1. Configure the device interaction with the Authentication Server:

Configuring an authentication method list for 802.1X

on page 181

Setting RADIUS parameters

on page 181

802.1X port security and sFlow

180

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: