beautypg.com

Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 278

background image

Authentication attempts : 0

RADIUS timeouts : 0

RADIUS timeouts action : Success

MAC Address on PVID : 1

MAC Address authorized on PVID : 1

Aging of MAC-sessions : Enabled

Port move-back vlan : Port-configured-vlan

Max-Age of sw mac session : 120 seconds

hw age for denied mac : 70 seconds

MAC Filter applied : No

Dynamic ACL applied : No

num Dynamic Tagged Vlan : 2

Dynamic Tagged Vlan list : 1025 (1/1) 4060 (1/0)

------------------------------------------------------------------------------

MAC Address RADIUS Server Authenticated Time Age Dot1x

------------------------------------------------------------------------------

0000.0074.3181 10.12.12.5 Yes 00d01h03m17s Ena Ena

The following table describes the information displayed by the show auth-mac-addresses detailed
command.

Output from the show auth-mac-addresses detailed command

TABLE 33

Field

Description

Port

The port to which this information applies.

Dynamic-Vlan Assignment

Whether RADIUS dynamic VLAN assignment has been enabled for the port.

RADIUS failure action

What happens to traffic from a MAC address for which RADIUS authentication has
failed either block the traffic or assign the MAC address to a restricted VLAN.

Failure restrict use dot1x

Indicates if 802.1x traffic that failed multi-device port authentication, but succeeded
802.1x authentication to gain access to the network.

Override-restrict-vlan

Whether a port can be dynamically assigned to a VLAN specified by a RADIUS
server, if the port had been previously placed in the restricted VLAN because a
previous attempt at authenticating a MAC address on that port failed.

Port Default Vlan

The VLAN to which the port is assigned, and whether the port had been
dynamically assigned to the VLAN by a RADIUS server.

Port VLAN state

Indicates the state of the port VLAN. The State can be one of the following
"Default", "RADIUS Assigned" or "Restricted".

802.1X override Dynamic
PVID

Indicates if 802.1X can dynamically assign a Port VLAN ID (PVID).

override return to PVID

If a port PVID is assigned through the multi-device port authentication feature, and
802.1X authentication subsequently specifies a different PVID, then the PVID
specified through 802.1X authentication overrides the PVID specified through
multi-device port authentication. This line indicates the PVID the port will use if
802.1X dynamically assigns PVID.

Original PVID

The originally configured (not dynamically assigned) PVID for the port.

DOS attack protection

Whether denial of service attack protection has been enabled for multi-device port
authentication, limiting the rate of authentication attempts sent to the RADIUS
server.

Multi-Device Port Authentication

278

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: