beautypg.com

Initializing 802.1x on a port, Allowing access to multiple hosts, Configuring 802.1x multiple-host authentication – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 1000

background image

966

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring 802.1X port security

Specifying a timeout for retransmission of messages to the
authentication server

When performing authentication, the device receives EAPOL frames from the Client and passes the
messages on to the RADIUS server. The device expects a response from the RADIUS server within
30 seconds. If the RADIUS server does not send a response within 30 seconds, the device
retransmits the message to the RADIUS server. The time constraint for retransmission of messages
to the Authentication Server can be between 0 – 4294967295 seconds.

For example, to configure the device to retransmit a message if the Authentication Server does not
respond within 45 seconds, enter the following command.

TurboIron(config-dot1x)#servertimeout 45

Syntax: servertimeout

Initializing 802.1X on a port

To initialize 802.1X port security on a port, enter a command such as the following.

TurboIron#dot1x initialize e 1

Syntax: dot1x initialize ethernet

The parameter is a valid port number.

Allowing access to multiple hosts

Devices support 802.1X authentication for ports with more than one host connected to them. If
there are multiple hosts connected to a single 802.1X-enabled port, the device authenticates each
of them individually. Refer to

“Configuring 802.1X multiple-host authentication”

on page 966.

Configuring 802.1X multiple-host authentication

When multiple hosts are connected to the same 802.1X-enabled port, the functionality described
in

“How 802.1X Multiple-host authentication works”

on page 948 is enabled by default. You can

optionally do the following:

Specify the authentication-failure action

Specify the number of authentication attempts the device makes before dropping packets

Disabling aging for dot1x-mac-sessions

Configure aging time for blocked Clients

Clear the dot1x-mac-session for a MAC address

Specifying the authentication-failure action
In an 802.1X multiple-host configuration, if RADIUS authentication for a Client is unsuccessful,
traffic from that Client is either dropped in hardware (the default), or the Client port is placed in a
“restricted” VLAN. You can specify which of these two authentication-failure actions is to be used.
If the authentication-failure action is to place the port in a restricted VLAN, you can specify the ID of
the restricted VLAN.

To specify that the authentication-failure action is to place the Client port in a restricted VLAN, enter
the following command.

See also other documents in the category Brocade Computer Accessories: