Configuring multi-device port authentication, How multi-device port authentication works, Radius authentication – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 1033: Chapter 32

Advertising
background image

Brocade TurboIron 24X Series Configuration Guide

999

53-1003053-01

Chapter

32

Configuring Multi-Device Port Authentication

In this chapter

How multi-device port authentication works . . . . . . . . . . . . . . . . . . . . . . . . 999

Using multi-device port authentication and 802.1X security on the same port 1001

Configuring multi-device port authentication . . . . . . . . . . . . . . . . . . . . . 1003

Displaying multi-device port authentication information . . . . . . . . . . . . . 1015

Multi-device port authentication is a way to configure a device to forward or block traffic from a
MAC address based on information received from a RADIUS server.

How multi-device port authentication works

Multi-device port authentication is a way to configure a device to forward or block traffic from a
MAC address based on information received from a RADIUS server.

The multi-device port authentication feature is a mechanism by which incoming traffic originating
from a specific MAC address is switched or forwarded by the device only if the source MAC address
is successfully authenticated by a RADIUS server. The MAC address itself is used as the username
and password for RADIUS authentication; the user does not need to provide a specific username
and password to gain access to the network. If RADIUS authentication for the MAC address is
successful, traffic from the MAC address is forwarded in hardware.

If the RADIUS server cannot validate the user's MAC address, then it is considered an
authentication failure, and a specified authentication-failure action can be taken. The default
authentication-failure action is to drop traffic from the non-authenticated MAC address in
hardware. You can also configure the device to move the port on which the non-authenticated MAC
address was learned into a restricted or “guest” VLAN, which may have limited access to the
network.

NOTE

TurboIron X Series devices do not support:
- multi-device authentication and port security configured on the same port
- multi-device authentication and lock-address configured on the same port

RADIUS authentication

The multi-device port authentication feature communicates with the RADIUS server to authenticate
a newly found MAC address. The device supports multiple RADIUS servers; if communication with
one of the RADIUS servers times out, the others are tried in sequential order. If a response from a
RADIUS server is not received within a specified time (by default, 3 seconds) the RADIUS session
times out, and the device retries the request up to three times. If no response is received, the next
RADIUS server is chosen, and the request is sent for authentication.

Advertising
Popular Brands
Popular manuals