beautypg.com

Authentication configuration on the same port, Configuration examples are shown in – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 285

background image

VLAN, authentication would not occur. In this case, port e1 must be added to that VLAN prior to
authentication.

The part of the running-config related to multi-device port authentication would be as follows.

mac-authentication enable

mac-authentication auth-fail-vlan-id 1023

interface ethernet 1

mac-authentication enable

mac-authentication auth-fail-action restrict-vlan

mac-authentication enable-dynamic-vlan

dual-mode

Examples of multi-device port authentication and 802.1X
authentication configuration on the same port

The following examples show configurations that use multi-device port authentication and 802.1X
authentication on the same port.

Example 1 -- Multi-device port authentication and 802.1x authentication on the same port

The following figure illustrates an example configuration that uses multi-device port authentication and
802.1X authentication n the same port. In this configuration, a PC and an IP phone are connected to
port e 1/3 on a Brocade device. Port e 1/3 is configured as a dual-mode port.

The profile for the PC MAC address on the RADIUS server specifies that the PC should be dynamically
assigned to VLAN "Login-VLAN", and the RADIUS profile for the IP phone specifies that it should be
dynamically assigned to the VLAN named "IP-Phone-VLAN". When User 1 is successfully authenticated
using 802.1X authentication, the PC is then placed in the VLAN named "User-VLAN".

NOTE
This example assumes that the IP phone initially transmits untagged packets (for example, CDP or
DHCP packets), which trigger the authentication process on the Brocade device and client lookup on
the RADIUS server. If the phone sends only tagged packets and the port (e 1/3) is not a member of that
VLAN, authentication would not occur. In this case, port e 1/3 must be added to that VLAN prior to
authentication.

Examples of multi-device port authentication and 802.1X authentication configuration on the same port

FastIron Ethernet Switch Security Configuration Guide

285

53-1003088-03

See also other documents in the category Brocade Computer Accessories: