
Multi-device port authentication password override – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 272


process and blocks user access to the network, unless restrict-vlan is configured, in which case, the
user is placed into a VLAN with restricted or limited access. By default, the Brocade device will reset
the authentication process and retry to authenticate the user.

Specify the RADIUS timeout action at the Interface level of the CLI.

Permit User access to the network after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and permit user
access to the network, enter commands such as the following.

device(config)#interface ethernet 1/3

device(config-if-e100-1/3)#mac-authentication auth-timeout-action success

Syntax: [no] mac-authentication auth-timeout-action success

Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.

Deny User access to the network after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and block user access
to the network, enter commands such as the following.

device(config)#interface ethernet 1/3

device(config-if-e100-1/3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-timeout-action failure

Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.

NOTE
If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a
VLAN with restricted or limited access. Refer to Allow user access to a restricted VLAN after a
RADIUS timeout on page 272.

Allow user access to a restricted VLAN after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and place the user in a
VLAN with restricted or limited access, enter commands such as the following.

device(config)#interface ethernet 1/3

device(config-if-e100-1/3)#mac-authentication auth-fail-action restrict-vlan 100

device(config-if-e100-1/3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-fail-action restrict-vlan [ vlan-id ]

Syntax: [no] mac-authentication auth-timeout-action failure
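
The following audit script is an added example, not part of the Brocade guide. It reads a saved configuration and reports, for each interface, which of the RADIUS timeout behaviors described above is in effect, so ports that permit access when RADIUS is unreachable can be reviewed. The sample configuration is constructed, the stanza layout (interface line, indented commands, "!" separator) is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample in running-config style (not taken from the guide).
SAMPLE_CONFIG = """\
interface ethernet 1/1
 mac-authentication auth-fail-action restrict-vlan 100
!
interface ethernet 1/2
 mac-authentication auth-timeout-action success
!
interface ethernet 1/3
 mac-authentication auth-fail-action restrict-vlan 100
 mac-authentication auth-timeout-action failure
!
interface ethernet 1/4
 mac-authentication auth-timeout-action failure
"""

IFACE = re.compile(r"interface\s+(ethernet\s+\S+)$", re.I)
TIMEOUT = re.compile(r"mac-authentication\s+auth-timeout-action\s+(success|failure)$", re.I)
RESTRICT = re.compile(r"mac-authentication\s+auth-fail-action\s+restrict-vlan(?:\s+(\d+))?$", re.I)

def timeout_behavior(config_text):
    """Return {interface: effective behavior when the RADIUS server times out}."""
    ports, current = {}, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "!":
            current = None          # assumed stanza separator
        elif (m := IFACE.match(line)):
            current = " ".join(m.group(1).lower().split())
            ports[current] = {"action": None, "restrict": False, "vlan": None}
        elif current and (m := TIMEOUT.match(line)):
            ports[current]["action"] = m.group(1).lower()
        elif current and (m := RESTRICT.match(line)):
            ports[current].update(restrict=True, vlan=m.group(1))
    return {name: classify(p) for name, p in ports.items()}

def classify(p):
    if p["action"] is None:
        return "retry"              # default: reset and re-authenticate
    if p["action"] == "success":
        return "permit"             # access granted without authentication
    if p["restrict"]:               # failure plus restrict-vlan
        return f"restricted-vlan {p['vlan']}" if p["vlan"] else "restricted-vlan"
    return "block"

def fail_open_ports(config_text):
    """Ports that grant access whenever RADIUS is unreachable; review these first."""
    return sorted(n for n, b in timeout_behavior(config_text).items() if b == "permit")
```

Interface 1/1 in the sample shows that restrict-vlan on its own leaves the timeout behavior at the default retry; the restricted VLAN applies on timeout only when auth-timeout-action failure is also set.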

Multi-device port authentication password override

The multi-device port authentication feature communicates with the RADIUS server to authenticate a
newly found MAC address. The RADIUS server is configured with the user names and passwords of
authenticated users. For multi-device port authentication, the username and password are the MAC
address itself; that is, the device uses the MAC address for both the username and the password in


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03