Brocade BigIron RX Series Configuration Guide User Manual

Page 1154

Advertising
background image

1076

BigIron RX Series Configuration Guide

53-1002484-04

Using multi-device port authentication and 802.1X security on the same port

34

!

interface ethernet 2/1

dot1x port-control auto

If User 1 is successfully authenticated before User 2, the PVID for port 2/1 would be changed from
the default VLAN to VLAN 3.

Had User 2 been the first to be successfully authenticated, the PVID would be changed to 20, and
User 1 would not be able to gain access to the network. If there were only one device connected to
the port that was sending untagged traffic, and 802.1X authentication failed for that device, it
would be placed in the restricted VLAN 1023, and would be able to gain access to the network.

Using multi-device port authentication and 802.1X
security on the same port

You can configure the Brocade device to use multi-device port authentication and 802.1X security
on the same port:

The multi-device port authentication feature allows you to configure a Brocade device to
forward or block traffic from a MAC address based on information received from a RADIUS
server. Incoming traffic originating from a given MAC address is switched or forwarded by the
device only if the source MAC address is successfully authenticated by a RADIUS server. The
MAC address itself is used as the username and password for RADIUS authentication. A
connecting user does not need to provide a specific username and password to gain access to
the network.

The IEEE 802.1X standard is a means for authenticating devices attached to LAN ports. Using
802.1X port security, you can configure a Brocade device to grant access to a port based on
information supplied by a client to an authentication server.

When both of these features are enabled on the same port, multi-device port authentication is
performed prior to 802.1X authentication. If multi-device port authentication is successful, 802.1X
authentication may be performed, based on the configuration of a vendor-specific attribute (VSA) in
the profile for the MAC address on the RADIUS server.

For more information, including configuration examples, see

“Support for multi-device port

authentication and 802.1x on the same interface”

on page 1007.

Advertising
Popular Brands
Popular manuals