Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide

987

53-1003053-01

Using multi-device port authentication and 802.1X security on the same port

NOTE

This example assumes that the IP phone initially transmits untagged packets (for example, CDP or
DHCP packets), which trigger the authentication process on the device and client lookup on the
RADIUS server. If the phone sends only tagged packets and the port (e 3) is not a member of that
VLAN, authentication would not occur. In this case, port e 3 must be added to that VLAN prior to
authentication.

FIGURE 123

Multi-device port authentication and 802.1X authentication on the same port

When the devices attempt to connect to the network, they are first subject to multi-device port
authentication.

When the MAC address of the IP phone is authenticated, the Access-Accept message from the
RADIUS server specifies that the IP phone port be placed into the VLAN named “IP-Phone-VLAN”.
which is VLAN 7. The Foundry-802_1x-enable attribute is set to 0, meaning that 802.1X
authentication is skipped for this MAC address. Port 3 is placed in VLAN 7 as a tagged port. No
further authentication is performed.