
Configuring multi-device port authentication, Enabling multi-device port authentication – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02


Support for multi-device port authentication and 802.1x on the same interface

On the Brocade devices, multi-device port authentication and 802.1x security can be enabled on
the same port. However, only one of them can authenticate a MAC address or 802.1x client. If an
802.1x client responds, the software assumes that the MAC should be authenticated using 802.1x
protocol mechanisms and multi-device port authentication for that MAC is aborted. Also, at any
given time, a port can have either 802.1x clients or multi-device port authentication clients but not
both.

Configuring multi-device port authentication

Configuring multi-device port authentication on the Brocade devices consists of the following tasks:

- Enabling multi-device port authentication globally and on individual interfaces
- Configuring an Authentication Method List for 802.1x
- Setting RADIUS Parameters
- Specifying the format of the MAC addresses sent to the RADIUS server (optional)
- Specifying the authentication-failure action (optional)
- Defining MAC address filters (optional)
- Configuring dynamic VLAN assignment (optional)
- Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires (optional)
- Saving dynamic VLAN assignments to the running configuration file (optional)
- Clearing authenticated MAC addresses (optional)
- Disabling aging for authenticated MAC addresses (optional)
- Specifying the aging time for blocked MAC addresses (optional)

Enabling multi-device port authentication

You globally enable multi-device port authentication on the router.

To globally enable multi-device port authentication on the device, enter the following command.

Brocade(config)# mac-authentication enable

Syntax: [no] mac-authentication enable

Syntax: [no] mac-authentication enable slot/portnum | all

The all option enables the feature on all interfaces at once.
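A command list can be checked against the two syntax forms above to find ports left without multi-device port authentication. The following is an added example, not code from the Brocade guide; the sample commands, the port inventory and the function name audit_mac_auth are constructed for illustration, and it assumes a port is protected only when both the global command and a per-port (or all) command are present.

```python
import re

# Constructed sample command list (not from a real device). It uses only the
# command forms given in the Syntax lines above.
SAMPLE_CONFIG = """\
mac-authentication enable
mac-authentication enable 1/1
mac-authentication enable 1/2
no mac-authentication enable 1/2
mac-authentication enable 2/4
"""

# [no] mac-authentication enable [slot/portnum | all]
CMD = re.compile(r"^(no\s+)?mac-authentication\s+enable(?:\s+(\d+/\d+|all))?$")


def audit_mac_auth(config_text, expected_ports):
    """Replay the enable/no lines in order and report ports left uncovered.

    expected_ports is a hypothetical inventory of ports that should run
    multi-device port authentication. Assumption: a port counts as protected
    only when the global command and a per-port (or all) command are both set.
    """
    expected = set(expected_ports)
    global_on = False
    ports = set()
    for raw in config_text.splitlines():
        m = CMD.match(raw.strip())
        if not m:
            continue  # unrelated configuration line
        enable = m.group(1) is None
        target = m.group(2)
        if target is None:          # global form
            global_on = enable
        elif target == "all":       # every port in the inventory
            ports = ports | expected if enable else set()
        elif enable:
            ports.add(target)
        else:
            ports.discard(target)
    effective = ports if global_on else set()
    return {
        "global_enabled": global_on,
        "enabled_ports": sorted(ports),
        "unprotected": sorted(expected - effective),
    }


if __name__ == "__main__":
    print(audit_mac_auth(SAMPLE_CONFIG, ["1/1", "1/2", "2/4", "3/1"]))
```
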

You can enable the feature on an interface at the interface CONFIG level.