beautypg.com

Controlled and uncontrolled ports, Figure 136 – Brocade BigIron RX Series Configuration Guide User Manual

Page 1126

background image

1048

BigIron RX Series Configuration Guide

53-1002484-04

How 802.1x port security works

34

Controlled and uncontrolled ports

A physical port on the device used with 802.1x port security has two virtual access points, a
controlled port and an uncontrolled port. The controlled port provides full access to the network.
The uncontrolled port provides access only for EAPOL traffic between the Client and the
Authentication Server. When a Client is successfully authenticated, the controlled port is opened to
the Client.

Figure 136

illustrates this concept.

FIGURE 136

Controlled and uncontrolled ports before and after client authentication

Before a Client is authenticated, only the uncontrolled port on the Authenticator is open. The
uncontrolled port allows only EAPOL frames to be exchanged between the Client and the
Authentication Server. The controlled port is in the unauthorized state and allows no traffic to pass
through.

During authentication, EAPOL messages are exchanged between the Supplicant PAE and the
Authenticator PAE, and RADIUS messages are exchanged between the Authenticator PAE and the
Authentication Server. Refer to

“Message exchange during authentication”

on page 1049 for an

example of this process. If the Client is successfully authenticated, the controlled port becomes
authorized, and traffic from the Client can flow through the port normally.

By default, all controlled ports on the BigIron RX are placed in the authorized state, allowing all
traffic. When authentication is activated on an 802.1x-enabled interface, the interface’s controlled
port is placed initially in the unauthorized state. When a Client connected to the port is successfully
authenticated, the controlled port is then placed in the authorized state until the Client logs off.
Refer to

“Enabling 802.1x port security”

on page 1059 for more information.

Authentication

Server

Authentication

Server

BigIron Device
(Authenticator)

BigIron Device
(Authenticator)

802.1X-Enabled

Supplicant

802.1X-Enabled

Supplicant

PAE

PAE

PAE

PAE

Services

Services

Uncontrolled Port

Physical Port

Controlled Port

(Unauthorized)

Uncontrolled Port

Controlled Port

(Authorized)

Physical Port

Before Authentication

After Authentication

See also other documents in the category Brocade Computer Accessories: