Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

301

53-1003035-02

How 802.1x port security works

8

If a client does not support 802.1x, authentication cannot take place. The device sends
EAP-Request or Identity frames to the client, but the client does not respond to them.

When a client that supports 802.1x attempts to gain access through a non-802.1x-enabled port, it
sends an EAP start frame to the device. When the device does not respond, the client considers the
port to be authorized, and starts sending normal traffic.

Brocade devices support MD5-challenge TLS and any other EAP-encapsulated authentication types
in EAP Request or Response messages. In other words, the devices are transparent to the
authentication scheme used.

Authenticating multiple clients connected to
the same port

Brocade devices support 802.1x authentication for ports with more than one client connected to
them.

Figure 6

illustrates a sample configuration where multiple clients are connected to a single

802.1x port.

FIGURE 6

Multiple clients connected to a single 802.1x-enabled port

If there are multiple clients connected to a single 802.1x-enabled port, the device authenticates
each of them individually. Each client’s authentication status is independent of the others, so that
if one authenticated client disconnects from the network, it has no effect on the authentication
status of any of the other authenticated clients.