1x port security and sflow, Configuring 802.1x port security – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 321
Multi-Service IronWare Security Configuration Guide
303
53-1003035-02
802.1x port security and sFlow
8
•
If a client has been denied access to the network (that is, the client’s
dot1x-mac-session is set to “access-denied”), then you can cause the client to be
re-authenticated by manually disconnecting the client from the network, or by using
the clear dot1x mac-session command. Refer to
“Clearing a dot1x-mac-session for a
for information on this command.
•
When a client has been denied access to the network, its dot1x-mac-session is aged
out if no traffic is received from the client’s MAC address over a fixed hardware aging
period (70 seconds), plus a configurable software aging period. You can optionally
change the software aging period for dot1x-mac-sessions or disable aging altogether.
After the denied client’s dot1x-mac-session is aged out, traffic from that client is no
longer blocked, and the client can be re-authenticated.
802.1x port security and sFlow
sFlow is a system for observing traffic flow patterns and quantities within and among a set of the
devices. sFlow works by taking periodic samples of network data and exporting this information to a
collector.
When you enable sFlow forwarding on an 802.1x-enabled interface, the samples taken from the
interface include the user name string at the inbound or outbound port, if that information is
available.
For more information on sFlow, refer to the Multi-Service IronWare Switching Configuration Guide.
Configuring 802.1x port security
Configuring 802.1x port security on a device consists of the following tasks.
1. Configuring device interaction with the Authentication Server:
•
“Configuring an authentication method list for 802.1x”
•
•
“Configuring dynamic VLAN assignment for 802.1x ports”
(optional)
2. Configuring the device role as the Authenticator:
•
“Enabling 802.1x port security”
•
“Initializing 802.1x on a port”
3. Configuring device interaction with clients:
•
“Configuring periodic re-authentication”
(optional)
•
“Re-authenticating a port manually”
•
•
“Setting the interval for retransmission of EAP-request or identity frames”
(optional)
•
“Specifying the number of EAP-request or identity frame retransmissions”
(optional)
•
“Specifying a timeout for retransmission of EAP-request frames to the client”
(optional)
•
“Allowing multiple 802.1x clients to authenticate”
(optional)