beautypg.com

Multi-device port authentication password override – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 1048

background image

1014

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring multi-device port authentication

Deny User access to the network after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and block user
access to the network, enter commands such as the following.

TurboIron(config)#interface ethernet 3

TurboIron(config-if-e100-3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-timeout-action failure

Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.

NOTE

If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a
VLAN with restricted or limited access. Refer to

“Allow user access to a restricted VLAN after a

RADIUS timeout”

on page 1014.

Allow user access to a restricted VLAN after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and place the user
in a VLAN with restricted or limited access, enter commands such as the following.

TurboIron(config)#interface ethernet 3

TurboIron(config-if-e100-3)#mac-authentication auth-fail-action restrict-vlan 100

TurboIron(config-if-e100-3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-fail-action restrict-vlan [<vlan-id>]

Syntax: [no] mac-authentication auth-timeout-action failure

Multi-device port authentication password override

The multi-device port authentication feature communicates with the RADIUS server to authenticate
a newly found MAC address. The RADIUS server is configured with the usernames and passwords
of authenticated users. For multi-device port authentication, the username and password is the
MAC address itself; that is, the device uses the MAC address for both the username and the
password in the request sent to the RADIUS server. For example, given a MAC address of
0000000feaa1, the users file on the RADIUS server would be configured with a username and
password both set to 0000000feaa1. When traffic from this MAC address is encountered on a
MAC-authentication-enabled interface, the device sends the RADIUS server an Access-Request
message with 0000000feaa1 as both the username and password.

To change the password for multi-device port authentication, enter a command such as the
following at the GLOBAL Config Level of the CLI.

TurboIron(config)#mac-authentication password-override

Syntax: [no] mac-authentication password-override <password>

where <password >can have up to 32 alphanumeric characters, but cannot include blank spaces.

See also other documents in the category Brocade Computer Accessories: