Configuring global settings for network access – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual

53-1002651-02

Network Access (MAC Address Authentication)

When authentication is successful, the dynamic QoS information may not be passed from the
RADIUS server due to one of the following conditions (authentication result remains
unchanged):

The Filter-ID attribute cannot be found to carry the user profile.

The Filter-ID attribute is empty.

The Filter-ID attribute format for dynamic QoS assignment is unrecognizable (the whole
Filter-ID attribute cannot be recognized).

Dynamic QoS assignment fails and the authentication result changes from success to failure
when the following conditions occur:

Illegal characters are found in a profile value (for example, a non-digit character in an
802.1p profile value).

The received profiles cannot be configured on the authenticated port.

When the last user logs off on a port with a dynamic QoS assignment, the switch restores the
original QoS configuration for the port.

When a user attempts to log into the network with a returned dynamic QoS profile that is
different from users already logged on to the same port, the user is denied access.

While a port has an assigned dynamic QoS profile, any manual QoS configuration changes only
take effect after all users have logged off the port.
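The per-port rules above can be traced with a small model. This is an added illustration, not Brocade code or CLI: profiles are plain dicts, the "802.1p" key stands in for a parsed Filter-ID value, and overlaying the profile on the manual settings and admitting a host that returns no profile onto a port that already has one are assumptions the page does not state.

```python
# Added illustration (not switch firmware). Profiles are plain dicts; the
# "802.1p" key is a hypothetical stand-in for a parsed Filter-ID value.
# A failure to apply the profile on the port is not modelled here.

class Port:
    def __init__(self, qos):
        self.manual = dict(qos)   # manual QoS configuration
        self.active = dict(qos)   # QoS currently in effect
        self.dynamic = None       # dynamic profile assigned to the port
        self.users = set()        # authenticated MAC addresses

    def login(self, mac, profile):
        """profile is None when Filter-ID is missing, empty or unrecognizable."""
        if profile is None:
            # Authentication result unchanged; no dynamic QoS is passed.
            # Assumption: such a host may share a port that has a profile.
            self.users.add(mac)
            return "success: no dynamic QoS"
        value = str(profile.get("802.1p", "0"))
        if not (value.isascii() and value.isdigit()):
            # Illegal character in a profile value: success becomes failure.
            return "failure: illegal profile value"
        if self.dynamic is not None and profile != self.dynamic:
            return "denied: profile differs from users on this port"
        self.dynamic = dict(profile)
        self.active = {**self.active, **profile}  # assumption: overlay
        self.users.add(mac)
        return "success: dynamic QoS applied"

    def configure(self, qos):
        """Manual QoS change; deferred while a dynamic profile is assigned."""
        self.manual = dict(qos)
        if self.dynamic is None:
            self.active = dict(qos)

    def logoff(self, mac):
        self.users.discard(mac)
        if not self.users:
            # Last user gone: drop the dynamic profile, apply manual config.
            self.dynamic = None
            self.active = dict(self.manual)
```

When triaging a denied login on a shared port, the model shows why the profile returned for the first host on that port decides the outcome for every later host.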

Configuring Global Settings for Network Access

MAC address authentication is configured on a per-port basis; however, there are two configurable
parameters that apply globally to all ports on the switch. Use the Security > Network Access
(Configure Global) page to configure MAC address authentication aging and reauthentication time.

CLI References

“Network Access (MAC Address Authentication)” on page 193

Parameters
These parameters are displayed:

Aging Status – Enables aging for authenticated MAC addresses stored in the secure MAC
address table. (Default: Disabled)
This parameter applies to authenticated MAC addresses configured by the MAC Address
Authentication process described in this section, as well as to any secure MAC addresses
authenticated by 802.1X, regardless of the 802.1X Operation Mode (Single-Host, Multi-Host, or
MAC-Based authentication as described under “Configuring Port Authenticator Settings for
802.1X” on page 914).

Authenticated MAC addresses are stored as dynamic entries in the switch’s secure MAC
address table and are removed when the aging time expires.

The maximum number of secure MAC addresses supported for the switch system is 1024.

Reauthentication Time – Sets the time period after which a connected host must be
reauthenticated. When the reauthentication time expires for a secure MAC address, it is
reauthenticated with the RADIUS server. During the reauthentication process, traffic through
the port remains unaffected. (Range: 120-1000000 seconds; Default: 1800 seconds)