Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility Access Point System Reference Guide

81

53-1003100-01

5

NOTE

Some vendor solutions with VRRP enabled send ARP packets with Ethernet SMAC as a physical MAC
and inner ARP SMAC as VRRP MAC. If this configuration is enabled, a packet is allowed, despite a
conflict existing.

16. Set the following 802.1X Settings:

802.1x is a IEEE protocol that defines port based network access control to wired LANs. Refer to
the 802.1x Settings to configure the following:

Host Mode

Use the drop-down menu to select the host mode configuration to apply to this port. Options include
single-host or multi-host. The default setting is single-host.

Guest VLAN

Specify a guest VLAN for this port from 1 - 4094. This is the VLAN traffic is bridged on if this port is
unauthorized and the guest VLAN is globally enabled.

Port Control

Use the drop-down menu to set the port control state to apply to this port. Options include
force-authorized, force-unauthorized and automatic. The default setting is port-authorized.

Re Authenticate

Select this setting to force clients to reauthenticate on this port. The default setting is disabled, thus
clients do not need to reauthenticate for connection over this port until this setting is enabled.

Max Reauthenticate
Count

Set the maximum reauthentication attempts (1 - 10) before this port is moved to unauthorized. The
default setting is 2.

Maximum Request

Set the maximum number of authentication requests (1 - 10) before returning a failed message to the
requesting client. The default setting is 2.

Quiet Period

Set the quiet period for this port from 1 - 65,535 seconds. This is the maximum wait time 802.1x waits
upon a failed authentication attempt. The default setting is 60 seconds.

Reauthenticate
Period

Use the spinner control to set the reauthentication period for this port from 1 - 65,535 seconds. The
default setting is 60 seconds.

Port MAC
Authentication

When enabled, a port’s MAC address is authenticated, as only one MAC address is supported per wired
port. When successfully authenticated, packets from the source are processed. Packets from all other
sources are dropped. Port MAC authentication is supported on RFS4000, RFS6000 model controllers.
Port MAC authentication may be enabled on ports in conjunction with Wired 802.1x settings for a MAC
Authentication AAA policy.

Host Mode

Configures the Port mode for 802.1x authentication. Select single-host to bridge traffic from a
single authenticated host. Select multi-host to bridge traffic from any host the wired port.

Guest VLAN

Set the Guest VLAN on which traffic is bridged from the wired port, if the port is unauthorized.

Port Control

Configures how the port is controlled. When set to Automatic, the port is set to a state as
received from the authentication server. When set to force-authorized, any traffic on the port is
said to be authorized and is bridged. When set to force-unauthorized, any traffic on the port is
said to be unauthorized and is not bridged.

Reauthenticate

Enables reauthentication of authorized ports. Reauthentication is used primarily to refresh the
current state of controlled ports. When enabled, and device using the controlled port is forced to
reauthenticate. When this happens, the controlled port is still in the authorized state. If
reauthentication fails, the port is set as being unauthorized and the device(s) using the port are
not allowed access.