beautypg.com

Configuring periodic re-authentication, Re-authenticating a port manually – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 192

background image

When an interface control type is set to auto, the controlled port is initially set to unauthorized, but is
changed to authorized when the connecting Client is successfully authenticated by an Authentication
Server.

The port control type can be one of the following

force-authorized - The controlled port is placed unconditionally in the authorized state, allowing all
traffic. This is the default state for ports on the Brocade device.

force-unauthorized - The controlled port is placed unconditionally in the unauthorized state.

auto - The controlled port is unauthorized until authentication takes place between the Client and
Authentication Server. Once the Client passes authentication, the port becomes authorized. This
activates authentication on an 802.1X-enabled interface.

NOTE
You cannot enable 802.1X port security on ports that have any of the following features enabled:

• Link aggregation
• Metro Ring Protocol (MRP)
• Mirror port
• Trunk port

Configuring periodic re-authentication

You can configure the device to periodically re-authenticate Clients connected to 802.1X-enabled
interfaces. When you enable periodic re-authentication, the device re-authenticates Clients every
3,600 seconds by default. You can optionally specify a different re-authentication interval of between 1
- 4294967295 seconds.

To configure periodic re-authentication using the default interval of 3,600 seconds, enter the following
command.

device(config-dot1x)#re-authentication

Syntax: [no] re-authentication

To configure periodic re-authentication with an interval of 2,000 seconds, enter the following
commands.

device(config-dot1x)#re-authentication

device(config-dot1x)#timeout re-authperiod 2000

Syntax: [no] timeout re-authperiod seconds

The re-authentication interval is a global setting, applicable to all 802.1X-enabled interfaces. To re-
authenticate Clients connected to a specific port manually, use the dot1x re-authenticate command.
Refer to

Re-authenticating a port manually

on page 192, below.

Re-authenticating a port manually

When periodic re-authentication is enabled, by default the Brocade device re-authenticates Clients
connected to an 802.1X-enabled interface every 3,600 seconds (or the time specified by the dot1x
timeout re-authperiod command). You can also manually re-authenticate Clients connected to a
specific port.

Configuring periodic re-authentication

192

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: