beautypg.com

Enabling multi-device port authentication, Setting radius parameters – Brocade BigIron RX Series Configuration Guide User Manual

Page 1086

background image

1008

BigIron RX Series Configuration Guide

53-1002484-04

Configuring multi-device port authentication

32

Disabling aging for authenticated MAC addresses (optional)

Specifying the aging time for blocked MAC addresses (optional)

Enabling multi-device port authentication

You globally enable multi-device port authentication on the device.

To globally enable multi-device port authentication on the device, enter the following command.

BigIron RX(config)# mac-authentication enable

Syntax: [no] mac-authentication enable

Syntax: [no] mac-authentication enable <slot>/<portnum> | all

The all option enables the feature on all interfaces at once.

You can enable the feature on an interface at the interface CONFIG level.

Configuring an authentication method list for 802.1x

To use 802.1x port security, you must specify an authentication method to be used to authenticate
Clients. Brocade supports RADIUS authentication with 802.1x port security. To use RADIUS
authentication with 802.1x port security, you create an authentication method list for 802.1x and
specify RADIUS as an authentication method, then configure communication between the BigIron
RX and RADIUS server.

For example.

BigIron RX(config)# aaa authentication dot1x default radius

Syntax: [no] aaa authentication dot1x default <method-list>

For the <method-list>, enter at least one of the following authentication methods.

radius – Use the list of all RADIUS servers that support 802.1x for authentication.

none – Use no authentication. The Client is automatically authenticated without the device using
information supplied by the Client.

NOTE

If you specify both radius and none, make sure radius comes before none in the method list.

Setting RADIUS parameters

To use a RADIUS server to authenticate access to a BigIron RX, you must identify the server to the
device. For example.

BigIron RX(config)# radius-server host 209.157.22.99 auth-port 1812 acct-port

1813 default key mirabeau dot1x

Syntax: radius-server host <ip-addr> | <server-name> [auth-port <number> acct-port <number>

[authentication-only | accounting-only | default [key 0 | 1 <string> [dot1x]]] ]

The host <ip-addr> | <server-name> parameter is either an IP address or an ASCII text string.

The auth-port <number> parameter specifies what port to use for RADIUS authentication.

The acct-port <number> parameter specifies what port to use for RADIUS accounting.

See also other documents in the category Brocade Computer Accessories: