Example configurations, Table 153 – Brocade TurboIron 24X Series Configuration Guide User Manual


Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Using multi-device port authentication and 802.1X security on the same port

If neither of these VSAs exists in a device profile on the RADIUS server, then by default the device is
subject to multi-device port authentication (if configured), then 802.1X authentication (if
configured). The RADIUS record can be used for both multi-device port authentication and 802.1X
authentication.

Example configurations

The following examples show configurations that use multi-device port authentication and 802.1X
authentication on the same port.

Example 1

Figure 123 illustrates an example configuration that uses multi-device port authentication and
802.1X authentication on the same port. In this configuration, a PC and an IP phone are
connected to port e 3 on a device. Port e 3 is configured as a dual-mode port.

The profile for the PC MAC address on the RADIUS server specifies that the PC should be
dynamically assigned to VLAN "Login-VLAN", and the RADIUS profile for the IP phone specifies that
it should be dynamically assigned to the VLAN named "IP-Phone-VLAN". When User 1 is
successfully authenticated using 802.1X authentication, the PC is then placed in the VLAN named
"User-VLAN".

TABLE 153 Brocade vendor-specific attributes for RADIUS

| Attribute Name | Attribute ID | Data Type | Description |
|---|---|---|---|
| Foundry-802_1x-enable | 6 | integer | Specifies whether 802.1X authentication is performed when multi-device port authentication is successful for a device. This attribute can be set to one of the following: 0: Do not perform 802.1X authentication on a device that passes multi-device port authentication. Set the attribute to zero for devices that do not support 802.1X authentication. 1: Perform 802.1X authentication when a device passes multi-device port authentication. Set the attribute to one for devices that support 802.1X authentication. |
| Foundry-802_1x-valid | 7 | integer | Specifies whether the RADIUS record is valid only for multi-device port authentication, or for both multi-device port authentication and 802.1X authentication. This attribute can be set to one of the following: 0: The RADIUS record is valid only for multi-device port authentication. Set this attribute to zero to prevent a user from using their MAC address as username and password for 802.1X authentication. 1: The RADIUS record is valid for both multi-device port authentication and 802.1X authentication. |
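The following is an added example, not part of the Brocade manual. It decodes the two Table 153 attributes from the raw attribute bytes of a RADIUS reply, using the RFC 2865 Vendor-Specific layout, and maps them to the behaviour described above. The vendor ID 1991, the function names, the per-attribute default of 1 and the sample profiles are assumptions made for the example.

```python
import struct

FOUNDRY_VENDOR_ID = 1991  # assumption: Foundry enterprise number, not stated on this page
VENDOR_SPECIFIC = 26      # RFC 2865 Vendor-Specific attribute type
DOT1X_ENABLE = 6          # Foundry-802_1x-enable (Table 153)
DOT1X_VALID = 7           # Foundry-802_1x-valid (Table 153)


def encode_vsa(vendor_type, value):
    """Encode one integer Foundry VSA as a RADIUS Vendor-Specific attribute."""
    sub = struct.pack("!BBI", vendor_type, 6, value)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), FOUNDRY_VENDOR_ID) + sub


def parse_foundry_vsas(attrs):
    """Return {vendor_type: value} for integer Foundry VSAs in raw attribute bytes."""
    found, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute length")
        atype, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue  # not a vendor-specific attribute
        if struct.unpack("!I", body[:4])[0] != FOUNDRY_VENDOR_ID:
            continue  # another vendor's VSA
        j = 4
        while j < len(body):
            if len(body) - j < 2 or body[j + 1] < 2 or j + body[j + 1] > len(body):
                raise ValueError("malformed vendor sub-attribute")
            if body[j + 1] == 6:  # integer data type: 4-octet value
                found[body[j]] = struct.unpack("!I", body[j + 2:j + 6])[0]
            j += body[j + 1]
    return found


def port_auth_policy(attrs):
    """Translate the two VSAs into the behaviour Table 153 describes."""
    vsas = parse_foundry_vsas(attrs)
    # Assumption: an absent attribute takes the default (1); the page only
    # describes the case where neither attribute is present.
    enable, valid = vsas.get(DOT1X_ENABLE, 1), vsas.get(DOT1X_VALID, 1)
    if enable not in (0, 1) or valid not in (0, 1):
        raise ValueError("attribute value outside the documented 0/1 range")
    return {"dot1x_after_mac_auth": enable == 1, "record_valid_for_dot1x": valid == 1}


# Constructed sample profiles (not from the manual): an IP phone without an
# 802.1X supplicant, and a PC preceded by an unrelated Reply-Message attribute.
PHONE = encode_vsa(DOT1X_ENABLE, 0) + encode_vsa(DOT1X_VALID, 0)
PC = bytes([18, 4]) + b"ok" + encode_vsa(DOT1X_ENABLE, 1) + encode_vsa(DOT1X_VALID, 0)
```

Setting Foundry-802_1x-valid to 0 on the PC profile keeps the MAC-address record from being accepted as an 802.1X username and password, so the user still has to present separate 802.1X credentials.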
