beautypg.com

Setting radius parameters – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 291

background image

Multi-Service IronWare Security Configuration Guide

273

53-1003035-02

Configuring multi-device port authentication

6

Configuring an authentication method list for 802.1x

To use 802.1x port security, you must specify an authentication method to be used to authenticate
Clients. The Brocade device supports RADIUS authentication with 802.1x port security. To use
RADIUS authentication with 802.1x port security, you create an authentication method list for
802.1x and specify RADIUS as an authentication method, then configure communication between
the device and the RADIUS server.

Example

Brocade(config)# aaa authentication dot1x default radius

Syntax: [no] aaa authentication dot1x default method-list

For the method-list, enter at least one of the following authentication methods:

radius – Use the list of all RADIUS servers that support 802.1x for authentication.

none – Use no authentication. The Client is automatically authenticated without the device using
information supplied by the Client.

NOTE

If you specify both radius and none, make sure radius comes before none in the method list.

Setting RADIUS parameters

To use a RADIUS server to authenticate access to a device, you must identify the server to the
device.

Example

Brocade(config)# radius-server host 10.157.22.99 auth-port 1812 acct-port 1813

default key mirabeau dot1x

Syntax: radius-server host ip-addr | server-name [auth-port number acct-port number

[authentication-only | accounting-only | default [key 0 | 1 string [dot1x]]] ]

The host ip-addr | server-name parameter is either an IP address or an ASCII text string.

The auth-port number parameter specifies what port to use for RADIUS authentication.

The acct-port number parameter specifies what port to use for RADIUS accounting.

The dot1x parameter indicates that this RADIUS server supports the 802.1x standard. A RADIUS
server that supports the 802.1x standard can also be used to authenticate non-802.1x
authentication requests.

NOTE

To implement 802.1x port security, at least one of the RADIUS servers identified to the device must
support the 802.1x standard.

Supported RADIUS attributes
Many IEEE 802.1x Authenticators will function as RADIUS clients. Some of the RADIUS attributes
may be received as part of IEEE 802.1x authentication. The device supports the following RADIUS
attributes for IEEE 802.1x authentication:

Username (1) – RFC 2865

FilterId (11) – RFC 2865

See also other documents in the category Brocade Computer Accessories: