beautypg.com

1x accounting configuration, 1x accounting attributes for radius, To enable 802.1x accounting, refer to – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 199

background image

This feature is disabled by default. To enable this feature and change the timeout period, enter
commands such as the following.

device(config)#dot1x-enable

device(config-dot1x)#restrict-forward-non-dot1x

device(config-dot1x)#timeout restrict-fwd-period 15

Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry .

Syntax: timeout restrict-fwd-period num

The num parameter is a value from 0 to 4294967295. The default value is 10.

802.1X accounting configuration

802.1X accounting enables the recording of information about 802.1X clients who were successfully
authenticated and allowed access to the network. When 802.1X accounting is enabled on the Brocade
device, it sends the following information to a RADIUS server whenever an authenticated 802.1X client
(user) logs into or out of the Brocade device:

• The user name
• The session ID
• The user MAC address
• The authenticating physical port number

An Accounting Start packet is sent to the RADIUS server when a user is successfully authenticated.
The Start packet indicates the start of a new session and contains the user MAC address and physical
port number. The 802.1X session state will change to Authenticated and Permit after receiving a
response from the accounting server for the accounting Start packet. If the Accounting service is not
available, the 802.1X session status will change to Authenticated and Permit after a RADIUS timeout.
The device will retry authentication requests three times (the default), or the number of times configured
on the device.

An Accounting Stop packet is sent to the RADIUS server when one of the following events occur:

• The user logs off
• The port goes down
• The port is disabled
• The user fails to re-authenticate after a RADIUS timeout
• The 802.1X port control-auto configuration changes
• The MAC session clears (through use of the clear dot1x mac-session CLI command)

The Accounting Stop packet indicates the end of the session and the time the user logged out.

802.1X Accounting attributes for RADIUS

Brocade devices support the following RADIUS attributes for 802.1X accounting.

802.1X accounting attributes for RADIUS

TABLE 14

Attribute name

Attribute ID Data Type Description

Acct-Session-ID

44

Integer

The account session ID, which is a number from 1 to 4294967295.

802.1X accounting configuration

FastIron Ethernet Switch Security Configuration Guide

199

53-1003088-03

See also other documents in the category Brocade Computer Accessories: