Displaying 802.1x information – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 1003

Advertising
background image

Brocade TurboIron 24X Series Configuration Guide

969

53-1003053-01

Displaying 802.1X information

Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.

Syntax: timeout restrict-fwd-period <num>

The <num> parameter is a value from 0 to 32767. The default value is 10.

Configuring a timeout action to cancel 802.1X authentication for Non-802.1x
clients

Normally, the Brocade-specific attribute obtained from the RADIUS server identifies a client as not
802.1X-capable and tells the switch not to perform 802.1X authentication for this client.

However, if you configure an auth-timeout-action at the global level, the Brocade-specific attribute
from the RADIUS server is no longer required to cancel 802.1X authentication for a non-802.1X
user. To configure the timeout action, enter commands similar to the following at the global level.

TurboIron(config)#dot1x-enable

TurboIron(config-dot1x)#restrict-forward-non-dot1x auth-timeout-action

Syntax: restrict-forward-non-dot1x [auth-timeout-action]

To set the RADIUS timeout behavior to bypass dot.1X authentication and permit client access to the
network, enter commands similar to the following (at the interface level).

TurboIron(config)#interface ethernet 1

TurboIron(config-if-e100-1)#dot1x auth-timeout-action success

To set the RADIUS timeout behavior to bypass 802.1X authentication and return a failure, which
limits access to the network and moves the client to the restricted VLAN, enter commands similar
to the following (at the interface level).

TurboIron(config)#interface ethernet 1

TurboIron(config-if-e100-1)#dot1x auth-timeout-action failure

Syntax: [no] dot1x auth-timeout-action success

Syntax: [no] dot1x auth-timeout-action failure

NOTE

The success or failure of multi-device port authentication can change the effect of these commands.

Displaying 802.1X information

You can display the following 802.1X-related information:

The 802.1X configuration on the device and on individual ports

Statistics about the EAPOL frames passing through the device

802.1X-enabled ports dynamically assigned to a VLAN

User-defined and dynamically applied MAC filters and IP ACLs currently active on the device

The 802.1X multiple-host configuration

Advertising
Popular Brands
Popular manuals