
How multi-device port authentication works – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


| Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 / FSX 1600 | ICX 7750 |
|---|---|---|---|---|---|---|---|
| Multi-Device Port Authentication | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Automatic removal of Dynamic VLAN for MAC authenticated ports | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Authenticating multiple MAC addresses on an interface | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Authenticating clients that send tagged packets on non-member ports | No | No | No | No | No | 08.0.01 | No |
| Specifying the format of the MAC addresses sent to the RADIUS server | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Specifying the authentication-failure action | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Password override | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Specifying the RADIUS timeout action | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| SNMP Traps | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| MAC Address Filters | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| MAC address filter override of 802.1X | No | No | No | No | No | No | No |
| MAC address filtering (filtering on source and destination MAC addresses) | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Aging time for blocked MAC Addresses | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |

NOTE
FCX devices do not support:
- multi-device authentication on dynamic (LACP) and static trunk ports
- multi-device authentication and port security configured on the same port
- multi-device authentication and lock-address configured on the same port

How multi-device port authentication works

Multi-device port authentication is a way to configure a Brocade device to forward or block traffic from
a MAC address based on information received from a RADIUS server.

The multi-device port authentication feature is a mechanism by which incoming traffic originating from
a specific MAC address is switched or forwarded by the device only if the source MAC address is
successfully authenticated by a RADIUS server. The MAC address itself is used as the username and
password for RADIUS authentication; the user does not need to provide a specific username and
password to gain access to the network. If RADIUS authentication for the MAC address is successful,
traffic from the MAC address is forwarded in hardware.
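
As an added illustration (not code from the Brocade guide), the following Python example builds the RFC 2865 Access-Request for a MAC authentication, with the MAC address as both User-Name and User-Password, and runs a server-side check against a user table. It assumes the password travels in the standard User-Password attribute; the function names, the `sep`/`group` format parameters, the shared secret and the user table are constructed for the example, and the NAS attributes a real request also carries are omitted.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types

def mac_credential(mac, sep="", group=2):
    """Render a MAC as the string sent as both User-Name and User-Password."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return sep.join(digits[i:i + group] for i in range(0, 12, group))

def _xor_chain(data, secret, authenticator, hiding):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(b ^ k for b, k in zip(block, key))
        prev = res if hiding else block  # always chain on the ciphertext block
        out += res
    return out

def build_access_request(mac, secret, ident=1, authenticator=None, **fmt):
    """Access-Request (code 1) for one source MAC; NAS-* attributes omitted."""
    cred = mac_credential(mac, **fmt).encode()
    authenticator = authenticator or os.urandom(16)
    padded = cred + b"\x00" * (-len(cred) % 16)
    hidden = _xor_chain(padded, secret, authenticator, True)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, cred), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def server_accepts(packet, secret, users):
    """Server side: parse attributes, unhide the password, check the user table."""
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2:
            raise ValueError("malformed attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    password = _xor_chain(attrs[USER_PASSWORD], secret, authenticator, False).rstrip(b"\x00")
    expected = users.get(attrs[USER_NAME].decode())
    return expected is not None and expected.encode() == password

SECRET = b"constructed-shared-secret"     # constructed sample value
USERS = {"0010a4b1c2d3": "0010a4b1c2d3"}  # constructed entry: MAC as name and password
```

The server accepts only when the MAC string format on the switch matches the format of the entry stored on the RADIUS server, and only when both sides share the same secret.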

If the RADIUS server cannot validate the user's MAC address, then it is considered an authentication
failure, and a specified authentication-failure action can be taken. The default authentication-failure
action is to drop traffic from the non-authenticated MAC address in hardware. You can also configure

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03