Example 1 – Brocade BigIron RX Series Configuration Guide User Manual

1024

BigIron RX Series Configuration Guide

53-1002484-04

Example configurations

32

The part of the running-config related to multi-device port authentication would be as follows.

mac-authentication enable

mac-authentication auth-fail-vlan-id 1023

interface ethernet 2/1

mac-authentication enable

mac-authentication auth-fail-action restrict-vlan

mac-authentication enable-dynamic-vlan

Examples of multi-device port authentication and 802.1X
authentication configuration on the same port

The following examples show configurations that use multi-device port authentication and 802.1X
authentication on the same port.

Example 1

Figure 132

illustrates an example configuration that uses multi-device port authentication and

802.1X authentication n the same port. In this configuration, a PC and an IP phone are connected
to port e 1/3 on a Brocade device. Port e 1/3 is configured as a dual-mode port.

The profile for the PC MAC address on the RADIUS server specifies that the PC should be
dynamically assigned to VLAN "Login-VLAN", and the RADIUS profile for the IP phone specifies that
it should be dynamically assigned to the VLAN named "IP-Phone-VLAN". When User 1 is
successfully authenticated using 802.1X authentication, the PC is then placed in the VLAN named
"User-VLAN".

NOTE

This example assumes that the IP phone initially transmits untagged packets (for example, CDP or
DHCP packets), which trigger the authentication process on the Brocade device and client lookup
on the RADIUS server. If the phone sends only tagged packets and the port (e 1/3) is not a member
of that VLAN, authentication would not occur. In this case, port e 1/3 must be added to that VLAN
prior to authentication.