Enabling 802.1x port security, Setting the port control – Brocade BigIron RX Series Configuration Guide User Manual

Page 1137

Advertising
background image

BigIron RX Series Configuration Guide

1059

53-1002484-04

Configuring 802.1x port security

34

Enabling 802.1x port security

By default, 802.1x port security is disabled on BigIron RX devices. To enable the feature on the
device and enter the dot1x configuration level, enter the following command.

BigIron RX(config)# dot1x-enable

BigIron RX(config-dot1x)#

Syntax: [no] dot1x-enable

At the dot1x configuration level, you can enable 802.1x port security on all interfaces at once, on
individual interfaces, or on a range of interfaces.

For example, to enable 802.1x port security on all interfaces on the device, enter the following
command.

BigIron RX(config-dot1x)# enable all

Syntax: [no] enable all

To enable 802.1x port security on interface 3/11, enter the following command.

BigIron RX(config-dot1x)# enable ethernet 3/11

Syntax: [no] enable <portnum>

To enable 802.1x port security on interfaces 3/11 through 3/16, enter the following command.

BigIron RX(config-dot1x)# enable ethernet 3/11 to 3/16

Syntax: [no] enable <portnum> to <portnum>

Setting the port control

To activate authentication on an 802.1x-enabled interface, you specify the kind of port control to
be used on the interface. An interface used with 802.1x port security has two virtual access points,
a controlled port and an uncontrolled port:

The controlled port can be either the authorized or unauthorized state. In the authorized state,
it allows normal traffic to pass between the Client and the Authenticator. In the unauthorized
state, it allows no traffic to pass through.

The uncontrolled port allows only EAPOL traffic between the Client and the Authentication
Server.

Refer to

Figure 136

on page 1048 for an illustration of this concept.

By default, all controlled ports on the device are in the authorized state, allowing all traffic. When
you activate authentication on an 802.1x-enabled interface, its controlled port is placed in the
unauthorized state. When a Client connected to the interface is successfully authenticated, the
controlled port is then placed in the authorized state for that client. The controlled port remains in
the authorized state until the Client logs off.

To activate authentication on an 802.1x-enabled interface, you configure the interface to place its
controlled port in the authorized state when a Client is authenticated by an Authentication Server.
To do this, enter commands such as the following.

BigIron RX(config)# interface e 3/1

BigIron RX(config-if-e10000-3/1)# dot1x port-control auto

Syntax: {no] dot1x port-control [force-authorized | force-unauthorized | auto]

Advertising
Popular Brands
Popular manuals