When a user logs on to a network that uses 802.1X port security, the device grants (or does not
grant) access to network services after the user is authenticated by an authentication server. The
user-based authentication in 802.1X port security provides an alternative to granting network
access based on a user IP address, MAC address, or subnetwork.

The Brocade implementation of 802.1X port security supports the following RFCs:

•

RFC 2284 PPP Extensible Authentication Protocol (EAP)

•

RFC 2865 Remote Authentication Dial In User Service (RADIUS)

•

RFC 2869 RADIUS Extensions

How 802.1X port security works

This section explains the basic concepts behind 802.1X port security, including device roles, how
the devices communicate, and the procedure used for authenticating clients.

NOTE

802.1X Port Security cannot be configured on MAC Port Security-enabled ports.

Device roles in an 802.1X configuration

The 802.1X standard defines the roles of Client/Supplicant, Authenticator, and Authentication
Server in a network.

The Client (known as a Supplicant in the 802.1X standard) provides username/password
information to the Authenticator. The Authenticator sends this information to the Authentication
Server. Based on the Client's information, the Authentication Server determines whether the Client
can use services provided by the Authenticator. The Authentication Server passes this information
to the Authenticator, which then provides services to the Client, based on the authentication result.