beautypg.com

Authentication. refer to, Address – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 287

background image

that the PVID for User 1 port be changed to the VLAN named "User-VLAN", which is VLAN 3. If 802.1X
authentication for User 1 is unsuccessful, the PVID for port e 1/3 is changed to that of the restricted
VLAN, which is 1023, or untagged traffic from port e 1/3 can be blocked in hardware.

The part of the running-config related to port e 1/3 would be as follows.

interface ethernet 1/3

dot1x port-control auto

mac-authentication enable

dual-mode

When the PC is authenticated using multi-device port authentication, the port PVID is changed to
"Login-VLAN", which is VLAN 1024 in this example.

When User 1 is authenticated using 802.1X authentication, the port PVID is changed to "User-VLAN",
which is VLAN 3 in this example.

Example 2 -- Creating a profile on the RADIUS server for each MAC address

The configuration in the 802.1X Authentication is performed when a device fails multi-device port
authentication figure requires that you create a profile on the RADIUS server for each MAC address to
which a device or user can connect to the network. In a large network, this can be difficult to implement
and maintain.

As an alternative, you can create MAC address profiles only for those devices that do not support
802.1X authentication, such as IP phones and printers, and configure the device to perform 802.1X
authentication for the other devices that do not have MAC address profiles, such as user PCs. To do
this, you configure the device to perform 802.1X authentication when a device fails multi-device port
authentication.

The following figure shows a configuration where multi-device port authentication is performed for an IP
phone, and 802.1X authentication is performed for a user PC. There is a profile on the RADIUS server
for the IP phone MAC address, but not for the PC MAC address.

Example 2 -- Creating a profile on the RADIUS server for each MAC address

FastIron Ethernet Switch Security Configuration Guide

287

53-1003088-03

See also other documents in the category Brocade Computer Accessories: