Configuring 802.1x port authentication, 802.1x protocol overview, Configuring 802.1x authentication – Brocade Network OS Administrator’s Guide v4.1.1 User Manual
Configuring 802.1x Port Authentication
802.1x protocol overview
The 802.1x protocol defines a port-based authentication algorithm involving network data
communication between client-based supplicant software, an authentication database on a server, and
the authenticator device. In this situation the authenticator device is the Brocade VDX hardware.
As the authenticator, the Brocade VDX hardware prevents unauthorized network access. Upon
detection of a new supplicant, the Brocade VDX hardware enables the port and marks it
"unauthorized." In this state, only 802.1x traffic is allowed. All other traffic (for example, DHCP and
HTTP) is blocked. The Brocade VDX hardware transmits an Extensible Authentication Protocol (EAP)
Request to the supplicant, which responds with an EAP Response packet. The Brocade VDX hardware
then forwards the EAP Response packet to the RADIUS authentication server. If the credentials are
validated by the RADIUS server database, the supplicant may access the protected network resources.
When the supplicant logs off, it sends an EAP Logoff message to the Brocade VDX hardware, which
then sets the port back to the "unauthorized" state.
NOTE
802.1x port authentication is not supported on a LAG (Link Aggregation Group) or on interfaces that
participate in a LAG.
NOTE
The EAP-MD5, EAP-TLS, EAP-TTLS and PEAP-v0 protocols are supported by the RADIUS server and
are transparent to the authenticator switch.
Configuring 802.1x authentication
The tasks in this section describe the common 802.1x operations that you will need to perform. For a
complete description of all the available 802.1x CLI commands for the Brocade VDX hardware, refer to
the Network OS Command Reference.
Understanding 802.1x configuration guidelines and restrictions
When configuring 802.1x, be aware of the following guideline and restriction: if you globally
disable 802.1x, all interface ports with 802.1x authentication enabled automatically switch to
force-authorized port-control mode, in which a port is authorized without any authentication exchange.
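The following is an added example, not code from the Brocade guide or from Network OS. It models the port behavior described in the protocol overview and the effect of globally disabling 802.1x from the guideline above. The Port class, its attribute names, and the sample frames are hypothetical and constructed for illustration; the EtherType 0x888E and the EAPOL packet types come from the 802.1x standard.

```python
import struct

ETH_EAPOL = 0x888E          # EtherType for EAP over LAN (802.1x)
EAPOL_EAP, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2   # EAPOL packet types

class Port:
    """Hypothetical model of one authenticator port (not Network OS code)."""
    def __init__(self):
        self.dot1x_global = True      # 802.1x enabled globally
        self.authorized = False       # new supplicant: "unauthorized"

    def radius_result(self, accepted):
        self.authorized = bool(accepted)   # RADIUS verdict on the EAP Response

    def mode(self):
        # Globally disabling 802.1x drops the port to force-authorized.
        return "auto" if self.dot1x_global else "force-authorized"

    def handle(self, frame):
        """Return 'forward', 'drop', or 'eapol' (handed to the 802.1x process)."""
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if self.mode() == "force-authorized":
            return "forward"          # no authentication exchange at all
        if ethertype == ETH_EAPOL:
            if len(frame) >= 16 and frame[15] == EAPOL_LOGOFF:
                self.authorized = False   # EAP Logoff resets the port
            return "eapol"
        return "forward" if self.authorized else "drop"

def frame(ethertype, payload=b""):
    # Constructed sample frame: dst MAC, src MAC, EtherType, payload.
    dst, src = bytes.fromhex("0180c2000003"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload

def eapol(ptype, body=b""):
    # EAPOL header: version 1, packet type, body length.
    return frame(ETH_EAPOL, struct.pack("!BBH", 1, ptype, len(body)) + body)

def demo():
    p, ipv4 = Port(), frame(0x0800, b"constructed DHCP/HTTP payload")
    out = [p.handle(ipv4)]                       # unauthorized: blocked
    out.append(p.handle(eapol(EAPOL_EAP, bytes([2, 1, 0, 4]))))  # EAP Response
    p.radius_result(True)
    out.append(p.handle(ipv4))                   # authorized: forwarded
    out.append(p.handle(eapol(EAPOL_LOGOFF)))
    out.append(p.handle(ipv4))                   # back to unauthorized
    p.dot1x_global = False
    out.append(p.handle(ipv4))                   # force-authorized: forwarded
    return out
```

The last step of demo() is the one to audit for: after a global disable, a port whose supplicant never authenticated forwards ordinary traffic.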
Network OS Administrator’s Guide
53-1003225-04