Multi-device port authentication password override – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring multi-device port authentication

Deny user access to the network after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and block user
access to the network, enter commands such as the following.

TurboIron(config)#interface ethernet 3
TurboIron(config-if-e100-3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-timeout-action failure

Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.

NOTE

If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a
VLAN with restricted or limited access. Refer to “Allow user access to a restricted VLAN after a
RADIUS timeout” on page 1014.

Allow user access to a restricted VLAN after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and place the user
in a VLAN with restricted or limited access, enter commands such as the following.

TurboIron(config)#interface ethernet 3
TurboIron(config-if-e100-3)#mac-authentication auth-fail-action restrict-vlan 100
TurboIron(config-if-e100-3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-fail-action restrict-vlan [<vlan-id>]

Syntax: [no] mac-authentication auth-timeout-action failure

Multi-device port authentication password override

The multi-device port authentication feature communicates with the RADIUS server to authenticate
a newly found MAC address. The RADIUS server is configured with the usernames and passwords
of authenticated users. For multi-device port authentication, the username and password are the
MAC address itself; that is, the device uses the MAC address for both the username and the
password in the request sent to the RADIUS server. For example, given a MAC address of
0000000feaa1, the users file on the RADIUS server would be configured with a username and
password both set to 0000000feaa1. When traffic from this MAC address is encountered on a
MAC-authentication-enabled interface, the device sends the RADIUS server an Access-Request
message with 0000000feaa1 as both the username and password.

To change the password for multi-device port authentication, enter a command such as the
following at the GLOBAL Config Level of the CLI.

TurboIron(config)#mac-authentication password-override

Syntax: [no] mac-authentication password-override <password>

where <password> can have up to 32 alphanumeric characters, but cannot include blank spaces.
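
The following audit script is an added example, not part of the Brocade guide. It reads configuration text and reports, for each interface, what happens to a user after a RADIUS timeout under the two timeout sections above, and whether the global password override is set. The sample configuration, its layout (interface blocks closed by "!") and the password value are constructed assumptions.

```python
import re

# Constructed sample in running-config style (not from a real device).
SAMPLE_CONFIG = """\
mac-authentication password-override ExamplePass1
!
interface ethernet 1
 mac-authentication auth-timeout-action failure
!
interface ethernet 2
 mac-authentication auth-fail-action restrict-vlan 100
 mac-authentication auth-timeout-action failure
!
interface ethernet 3
 mac-authentication auth-fail-action restrict-vlan 100
!
"""

IFACE = re.compile(r"interface ethernet (\S+)")
# Up to 32 alphanumeric characters, no blanks, as the syntax note requires.
OVERRIDE = re.compile(r"mac-authentication password-override [A-Za-z0-9]{1,32}")
RESTRICT = re.compile(r"mac-authentication auth-fail-action restrict-vlan(?: (\d+))?")
TIMEOUT_FAIL = "mac-authentication auth-timeout-action failure"


def audit(config):
    """Return (password_override_set, {port: outcome after a RADIUS timeout})."""
    override, state, port = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE.fullmatch(line):
            port = m.group(1)
            state[port] = {"failure": False, "vlan": None}
        elif line == "!":
            port = None  # end of the interface block
        elif OVERRIDE.fullmatch(line):
            override = True
        elif port and line == TIMEOUT_FAIL:
            state[port]["failure"] = True
        elif port and (m := RESTRICT.fullmatch(line)):
            state[port]["vlan"] = m.group(1) or "(id not given)"
    outcome = {}
    for port, s in state.items():
        if not s["failure"]:
            outcome[port] = "retry"  # timeout action left at retry
        elif s["vlan"]:
            outcome[port] = "restricted VLAN " + s["vlan"]
        else:
            outcome[port] = "blocked"
    return override, outcome
```

Port 3 in the sample shows the case that is easy to miss: restrict-vlan alone does not change the timeout behavior, so the port still retries until auth-timeout-action failure is also configured.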
