beautypg.com

Support for dynamic vlan assignment, Support for dynamic acls – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 256

background image

• Vendor-Specific (26) - RFC 2865
• Session-Timeout (27) - RFC 2865
• Termination-Action (29) - RFC 2865
• Calling-Station-ID (31) - RFC 2865
• NAS-Identifier (32) - RFC 2865
• NAS-Port-Type (61) - RFC 2865
• Tunnel-Type (64) - RFC 2868
• Tunnel-Medium-Type (65) - RFC 2868
• EAP Message (79) - RFC 2579
• Message-Authenticator (80) RFC 3579
• Tunnel-Private-Group-Id (81) - RFC 2868
• NAS-Port-id (87) - RFC 2869

NOTE
NAS-Identifier attribute supports a maximum number of 253 characters.

Support for dynamic VLAN assignment

The Brocade multi-device port authentication feature supports dynamic VLAN assignment, where a
port can be placed in one or more VLANs based on the MAC address learned on that interface. For
details about this feature, refer to

Configuring the RADIUS server to support dynamic VLAN

assignment

on page 263.

Support for dynamic ACLs

The multi-device port authentication feature supports the assignment of a MAC address to a specific
ACL, based on the MAC address learned on the interface. For details about this feature, refer to

Dynamically applying IP ACLs to authenticated MAC addresses

on page 265.

Support for authenticating multiple MAC addresseson an interface

The multi-device port authentication feature allows multiple MAC addresses to be authenticated or
denied authentication on each interface. The maximum number of MAC addresses that can be
authenticated on each interface is limited only by the amount of system resources available on the
Brocade device.

Support for dynamic ARP inspection with dynamic ACLs

NOTE
This feature is not supported on ICX 6610 and FCX devices.

Multi-device port authentication and Dynamic ARP Inspection (DAI) are supported in conjunction with
dynamic ACLs. Support is available in the Layer 3 software images only.

DAI is supported together with multi-device port authentication as long as ACL-per-port-per-vlan is
enabled. Otherwise, you do not need to perform any extra configuration steps to enable support with
dynamic ACLs. When these features are enabled on the same port/VLAN, support is automatically
enabled.

Support for dynamic VLAN assignment

256

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: