1x port security and sflow, Configuring 802.1x port security, 1x port security and sflow 2 – Brocade BigIron RX Series Configuration Guide User Manual

Page 1130: Configuring 802.1x port security 2

1052

BigIron RX Series Configuration Guide

53-1002484-04

802.1x port security and sFlow

•

If a Client has been denied access to the network (that is, the Client’s
dot1x-mac-session is set to “access-denied”), then you can cause the Client to be
re-authenticated by manually disconnecting the Client from the network, or by using
the clear dot1x mac-session command. Refer to

“Clearing a dot1x-mac-session for a

MAC address”

on page 1064 for information on this command.

•

When a Client has been denied access to the network, its dot1x-mac-session is aged
out if no traffic is received from the Client’s MAC address over a fixed hardware aging
period (70 seconds), plus a configurable software aging period. You can optionally
change the software aging period for dot1x-mac-sessions or disable aging altogether.
After the denied Client’s dot1x-mac-session is aged out, traffic from that Client is no
longer blocked, and the Client can be re-authenticated.

802.1x port security and sFlow

sFlow is a system for observing traffic flow patterns and quantities within and among a set of the
BigIron RX devices. sFlow works by taking periodic samples of network data and exporting this
information to a collector.

When you enable sFlow forwarding on an 802.1x-enabled interface, the samples taken from the
interface include the user name string at the inbound or outbound port, if that information is
available.

Configuring 802.1x port security

Configuring 802.1x port security on a BigIron RX consists of the following tasks.

1. Configuring the BigIron RX device’s interaction with the Authentication Server:

•

“Configuring an authentication method list for 802.1x”

on page 1053

•

“Setting RADIUS parameters”

on page 1053

•

“Configuring dynamic VLAN assignment for 802.1x ports”

on page 1054 (optional)