Mu to mu disallow, 1x authentication – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview


MU to MU disallow

Use MU to MU Disallow to restrict MU to MU communication within a WLAN. The default is ‘no’,
which allows MUs to exchange packets with other MUs. It does not prevent MUs on other WLANs
from sending packets to this WLAN. You would have to enable MU to MU Disallow on the other
WLAN. To define how MU to MU traffic is permitted for a WLAN, see “Editing the WLAN
configuration” on page 100.

802.1x authentication

802.1x Authentication cannot be disabled (it is always enabled). A factory delivered out-of-the-box
Brocade Mobility 7131N-FGR Access Point supports 802.1x authentication using a default
username and password. EAP-MD5 is used for 802.1x.

When you initially switch packets on an out-of-the-box Brocade Mobility 7131N-FGR Access Point
port, it immediately attempts to authenticate using 802.1x. Since 802.1x supports
supplicant-initiated authentication, the Brocade Mobility 7131N-FGR Access Point attempts to
initiate the authentication process.

On reset (all resets including power-up), the Brocade Mobility 7131N-FGR Access Point sends an
EAPOL start message every time it sends a Hello message (periodically every 1 second). The EAPOL
start is the supplicant-initiated attempt to become authenticated.

If an appropriate response to the EAPOL start message is received, the Brocade
Mobility 7131N-FGR Access Point attempts to proceed with the authentication process to
completion. Upon successful authentication, the Brocade Mobility 7131N-FGR Access Point
transmits the Hello message and the download proceeds as it does today.

If no response to the EAPOL start message is received, or if the authentication attempt is not
successful, the Brocade Mobility 7131N-FGR Access Point continues to transmit Hello messages
followed by LoadMe messages. If a parent reply is received in response to the Hello message, then
downloading continues normally, without authentication. In this case, you need not enable or
disable the port authentication.
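The fallback described above means an access point on a port without 802.1x is still adopted, only without authentication. The following added example (not from the Brocade guide) classifies EAPOL frames and reports how a constructed adoption trace ended; the Hello, LoadMe and parent-reply messages appear as plain labels because the guide does not give their wire format, and the MAC addresses and traces are constructed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                 # IEEE 802.1X (EAP over LAN)
EAPOL_EAP_PACKET, EAPOL_START = 0, 1     # EAPOL packet types
EAP_SUCCESS, EAP_FAILURE = 3, 4          # EAP codes
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
AP_MAC = bytes.fromhex("020000000001")     # constructed sample address
SW_MAC = bytes.fromhex("020000000002")     # constructed sample address

def eapol(src, dst, ptype, body=b""):
    """Build a minimal Ethernet + EAPOL (version 1) frame for the samples."""
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body)) + body

def classify_eapol(frame):
    """Name an Ethernet frame by its EAPOL/EAP meaning."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        return "not-eapol"
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    if ptype == EAPOL_START:
        return "eapol-start"
    if ptype == EAPOL_EAP_PACKET and length >= 4 and len(frame) >= 22:
        return {EAP_SUCCESS: "eap-success", EAP_FAILURE: "eap-failure"}.get(frame[18], "eap-other")
    return "eapol-other"

def adoption_outcome(trace):
    """Return (state, eapol_starts) for a trace of frames (bytes) and labels (str)."""
    authenticated, starts = False, 0
    for item in trace:
        kind = classify_eapol(item) if isinstance(item, bytes) else item
        if kind == "eapol-start":
            starts += 1
        elif kind in ("eap-success", "eap-failure"):
            authenticated = kind == "eap-success"
        elif kind == "parent-reply":      # adoption proceeds from here
            return ("authenticated" if authenticated else "unauthenticated", starts)
    return ("pending", starts)

START = eapol(AP_MAC, PAE_GROUP, EAPOL_START)
SUCCESS = eapol(SW_MAC, AP_MAC, EAPOL_EAP_PACKET, bytes([EAP_SUCCESS, 1, 0, 4]))
FAILURE = eapol(SW_MAC, AP_MAC, EAPOL_EAP_PACKET, bytes([EAP_FAILURE, 1, 0, 4]))

# Constructed traces: a port with 802.1X enabled, and a hub/switch without it.
SECURE_PORT = [START, "hello", SUCCESS, "hello", "parent-reply"]
OPEN_PORT = [START, "hello", "loadme", START, "hello", "loadme", "parent-reply"]
REJECTED = [START, "hello", FAILURE, "hello", "loadme", "parent-reply"]

if __name__ == "__main__":
    for name, trace in [("secure", SECURE_PORT), ("open", OPEN_PORT), ("rejected", REJECTED)]:
        print(name, adoption_outcome(trace))
```

An "unauthenticated" result marks an adoption that completed over a port where 802.1x was absent or the attempt failed, which is the case to review when every access point is expected to authenticate.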

802.1x authentication is conducted:

At power up

On a Brocade Mobility 7131N-FGR Access Point operator initiated reset (such as pulling the Ethernet cable)

When the switch administrator initiates a reset of the Brocade Mobility 7131N-FGR Access Point

When re-authentication is initiated by the Authenticator (say the switch in between)

Change username/password after AP adoption

Once the Brocade Mobility 7131N-FGR Access Point is adopted using 802.1x authentication (say
default username/password) OR using a non-secure access method (hub or switch without 802.1x
enabled), use the CLI/SNMP/UI to reconfigure the username/password combination.

Reset username/password to factory defaults

To restore the Brocade Mobility 7131N-FGR Access Point username/password to factory defaults,
adopt the Brocade Mobility 7131N-FGR Access Point using a non-secure access method (a hub or
switch without 802.1x enabled), then reconfigure the username/password combination.
