beautypg.com

Setting radius parameters – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 322

background image

304

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring 802.1x port security

8

NOTE

Multi-Device Port Authentication and 802.1x authentication can both be enabled on a port; however
only one of them can authenticate a MAC address or 802.1x client. Refer to “Support for multi-device
port authentication and 802.1x on the same interface”.

Configuring an authentication method list
for 802.1x

To use 802.1x port security, you must specify an authentication method to be used to authenticate
clients. The device supports RADIUS authentication with 802.1x port security. To use RADIUS
authentication with 802.1x port security, you create an authentication method list for 802.1x and
specify RADIUS as an authentication method, then configure communication between the device
and RADIUS server.

Example

Brocade(config)# aaa authentication dot1x default radius

Syntax: [no] aaa authentication dot1x default method-list

For the method-list, enter at least one of the following authentication methods:

radius – Use the list of all RADIUS servers that support 802.1x for authentication.

none – Use no authentication. The client is automatically authenticated without the device using
information supplied by the client.

NOTE

If you specify both radius and none, make sure radius comes before none in the method list.

Setting RADIUS parameters

To use a RADIUS server to authenticate access to a device, you must identify the server to the
device.

Brocade(config)# radius-server host 10.157.22.99 auth-port 1812 acct-port 1813

default key mirabeau dot1x

Syntax: radius-server host ip-addr | server-name [auth-port number acct-port number

[authentication-only | accounting-only | default [key 0 | 1 string [dot1x]]] ]

The host ip-addr | server-name parameter is either an IP address or an ASCII text string.

The auth-port number parameter specifies what port to use for RADIUS authentication.

The acct-port number parameter specifies what port to use for RADIUS accounting.

The dot1x parameter indicates that this RADIUS server supports the 802.1x standard. A RADIUS
server that supports the 802.1x standard can also be used to authenticate non-802.1x
authentication requests.

NOTE

To implement 802.1x port security, at least one of the RADIUS servers identified to the device must
support the 802.1x standard.

See also other documents in the category Brocade Computer Accessories: