beautypg.com

Setting the port control – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 996

background image

962

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring 802.1X port security

For example, to enable 802.1X port security on all interfaces on the device, enter the following
command.

TurboIron(config-dot1x)#enable all

Syntax: [no] enable all

To enable 802.1X port security on interface 11, enter the following command.

TurboIron(config-dot1x)#enable ethernet 11

Syntax: [no] enable ethernet <portnum>

The parameter is a valid port number.

To enable 802.1X port security on interfaces 11 through 16, enter the following command.

TurboIron(config-dot1x)#enable ethernet 11 to 16

Syntax: [no] enable ethernet to

The parameter is a valid port number.

Setting the port control

To activate authentication on an 802.1X-enabled interface, you specify the kind of port control to
be used on the interface. An interface used with 802.1X port security has two virtual access
points: a controlled port and an uncontrolled port:

The controlled port can be either the authorized or unauthorized state. In the authorized state,
it allows normal traffic to pass between the Client and the Authenticator. In the unauthorized
state, no traffic is allowed to pass.

The uncontrolled port allows only EAPOL traffic between the Client and the Authentication
Server.

Refer to

Figure 116

for an illustration of this concept.

By default, all controlled ports on the device are in the authorized state, allowing all traffic. When
you activate authentication on an 802.1X-enabled interface, its controlled port is placed in the
unauthorized state. When a Client connected to the interface is successfully authenticated, the
controlled port is then placed in the authorized state. The controlled port remains in the authorized
state until the Client logs off.

To activate authentication on an 802.1X-enabled interface, you configure the interface to place its
controlled port in the authorized state when a Client is authenticated by an Authentication Server.
To do this, enter commands such as the following.

TurboIron(config)#interface e 1

TurboIron(config-if-1)#dot1x port-control auto

Syntax: [no] dot1x port-control [force-authorized | force-unauthorized | auto]

When an interface control type is set to auto, the controlled port is initially set to unauthorized, but
is changed to authorized when the connecting Client is successfully authenticated by an
Authentication Server.

The port control type can be one of the following

force-authorized – The controlled port is placed unconditionally in the authorized state, allowing all
traffic. This is the default state for ports on the device.

force-unauthorized – The controlled port is placed unconditionally in the unauthorized state.

See also other documents in the category Brocade Computer Accessories: