Supported radius attributes – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Page 182

The dot1x parameter indicates that this RADIUS server supports the 802.1X standard. A RADIUS
server that supports the 802.1X standard can also be used to authenticate non-802.1X authentication
requests.

NOTE
To implement 802.1X port security, at least one of the RADIUS servers identified to the Brocade
device must support the 802.1X standard.

Supported RADIUS attributes
Many IEEE 802.1X Authenticators will function as RADIUS clients. Some of the RADIUS attributes
may be received as part of IEEE 802.1X authentication. Brocade devices support the following
RADIUS attributes for IEEE 802.1X authentication:
• User-Name (1) - RFC 2865
• NAS-IP-Address (4) - RFC 2865
• NAS-Port (5) - RFC 2865
• Service-Type (6) - RFC 2865
• Filter-Id (11) - RFC 2865
• Framed-MTU (12) - RFC 2865
• State (24) - RFC 2865
• Vendor-Specific (26) - RFC 2865
• Session-Timeout (27) - RFC 2865
• Termination-Action (29) - RFC 2865
• Calling-Station-Id (31) - RFC 2865
• NAS-Identifier (32) - RFC 2865
• NAS-Port-Type (61) - RFC 2865
• Tunnel-Type (64) - RFC 2868
• Tunnel-Medium-Type (65) - RFC 2868
• EAP-Message (79) - RFC 2579
• Message-Authenticator (80) - RFC 3579
• Tunnel-Private-Group-Id (81) - RFC 2868
• NAS-Port-Id (87) - RFC 2869
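
The following is an added example, not taken from the Brocade guide: a Python check that parses the attributes of a captured Access-Request, reports any attribute types outside the list above, and verifies the Message-Authenticator (80) as HMAC-MD5 keyed with the shared secret. The function names, the shared secret and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Attribute type numbers taken from the list above.
SUPPORTED = {1, 4, 5, 6, 11, 12, 24, 26, 27, 29, 31, 32, 61, 64, 65, 79, 80, 81, 87}
MESSAGE_AUTHENTICATOR = 80

def parse_attributes(packet: bytes):
    """Return [(type, value, value_offset)] from a RADIUS packet (RFC 2865 TLVs)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, packet[pos + 2:pos + alen], pos + 2))
        pos += alen
    return attrs

def check_request(packet: bytes, secret: bytes):
    """Return (message_authenticator_ok, unsupported_types) for an Access-Request."""
    attrs = parse_attributes(packet)
    packet = packet[:struct.unpack("!H", packet[2:4])[0]]   # ignore trailing padding
    unsupported = sorted({t for t, _, _ in attrs if t not in SUPPORTED})
    ok = False
    for atype, value, off in attrs:
        if atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            # RFC 3579: HMAC-MD5 over the whole packet with this field zeroed.
            zeroed = packet[:off] + bytes(16) + packet[off + 16:]
            ok = hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)
    return ok, unsupported

def build_request(secret: bytes, attrs, ident=1, authenticator=bytes(range(16))):
    """Build a constructed Access-Request signed with Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)   # zeroed, filled in below
    pkt = struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

# Constructed sample: secret, user name and EAP identity are made up.
SECRET = b"example-shared-secret"
SAMPLE = build_request(SECRET, [(1, b"alice"), (4, bytes([192, 0, 2, 10])),
                                (79, b"\x02\x01\x00\x0a\x01alice")])
```

A packet that fails the Message-Authenticator check, or that carries attribute types outside the supported set, is worth flagging when reviewing captures between the switch and the RADIUS server.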

Specifying the RADIUS timeout action
A RADIUS timeout occurs when the Brocade device does not receive a response from a RADIUS
server within a specified time limit and after a certain number of retries. The time limit and number of
retries can be manually configured using the CLI commands radius-server timeout and
radius-server retransmit, respectively. If the parameters are not manually configured, the Brocade device
applies the default time limit of three seconds with a maximum of three retries.
You can better control port behavior when a RADIUS timeout occurs. That is, you can configure a port
on the Brocade device to automatically pass or fail users being authenticated. A pass essentially
bypasses the authentication process and permits user access to the network. A fail bypasses the
authentication process and blocks user access to the network, unless restrict-vlan is configured, in
which case the user is placed into a VLAN with restricted or limited access. By default, the Brocade
device resets the authentication process and retries authenticating the user.
Specify the RADIUS timeout action at the Interface level of the CLI.
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03