Specifying the radius timeout action – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
802.1X port security configuration
• NAS-IP-Address (4) – RFC 2865
• NAS-Port (5) – RFC 2865
• Service-Type (6) – RFC 2865
• FilterId (11) – RFC 2865
• Framed-MTU (12) – RFC 2865
• State (24) – RFC 2865
• Vendor-Specific (26) – RFC 2865
• Session-Timeout (27) – RFC 2865
• Termination-Action (29) – RFC 2865
• Calling-Station-ID (31) – RFC 2865
• NAS-Port-Type (61) – RFC 2865
• Tunnel-Type (64) – RFC 2868
• Tunnel-Medium-Type (65) – RFC 2868
• EAP Message (79) – RFC 2579
• Message-Authenticator (80) – RFC 3579
• Tunnel-Private-Group-Id (81) – RFC 2868
• NAS-Port-id (87) – RFC 2869
Specifying the RADIUS timeout action
A RADIUS timeout occurs when the Brocade device does not receive a response from a RADIUS
server within a specified time limit and after a certain number of retries. The time limit and number
of retries can be manually configured using the CLI commands radius-server timeout and
radius-server retransmit, respectively. If the parameters are not manually configured, the Brocade
device applies the defaults: a time limit of three seconds with a maximum of three retries.
You can better control port behavior when a RADIUS timeout occurs. That is, you can configure a
port on the Brocade device to automatically pass or fail users being authenticated. A pass
essentially bypasses the authentication process and permits user access to the network. A fail
bypasses the authentication process and blocks user access to the network, unless restrict-vlan is
configured, in which case the user is placed into a VLAN with restricted or limited access. By
default, the Brocade device resets the authentication process and retries authenticating the user.
Specify the RADIUS timeout action at the Interface level of the CLI.
Permit user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and permit user access to the
network, enter commands such as the following:
Brocade(config)# interface ethernet 1/3/1
Brocade(config-if-e10000-1/3/1)# dot1x auth-timeout-action success
Syntax: [no] dot1x auth-timeout-action success
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
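
The following Python script is an added example, not part of the Brocade guide: it reads a saved running configuration and reports the RADIUS timeout settings together with every port whose timeout action is success, that is, every port that admits users without authentication when the RADIUS server does not answer. The function name audit_radius_timeout, the constructed sample configuration, and the assumed layout (interface stanzas closed by a "!" line) are assumptions made for this example.

```python
import re

# Defaults stated in this section: three-second time limit, three retries.
DEFAULT_TIMEOUT_S = 3
DEFAULT_RETRANSMIT = 3

# Constructed sample; the stanza layout ("!" closes an interface) is assumed.
SAMPLE_CONFIG = """\
radius-server timeout 5
!
interface ethernet 1/3/1
 dot1x port-control auto
 dot1x auth-timeout-action success
!
interface ethernet 1/3/2
 dot1x port-control auto
!
"""

def audit_radius_timeout(config_text):
    """Return RADIUS timeout settings, per-port timeout action, fail-open ports."""
    result = {"timeout_s": DEFAULT_TIMEOUT_S, "retransmit": DEFAULT_RETRANSMIT,
              "actions": {}, "fail_open": []}
    port = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"radius-server (timeout|retransmit) (\d+)", line)
        if m:
            key = "timeout_s" if m.group(1) == "timeout" else "retransmit"
            result[key] = int(m.group(2))
            continue
        m = re.fullmatch(r"interface ethernet (\S+)", line)
        if m:
            port = m.group(1)
            # With no timeout action configured, the device retries authentication.
            result["actions"][port] = "retry"
            continue
        if line == "!":
            port = None  # end of the interface stanza
            continue
        m = re.fullmatch(r"dot1x auth-timeout-action (\S+)", line)
        if m and port is not None:
            result["actions"][port] = m.group(1)
            if m.group(1) == "success":
                result["fail_open"].append(port)
    return result

if __name__ == "__main__":
    print(audit_radius_timeout(SAMPLE_CONFIG))
```
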