Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 282

Advertising
background image

FIGURE 10 Using multi-device port authentication with dynamic VLAN assignment

In this example, multi-device port authentication is performed for both devices. If the PC is
successfully authenticated, port e1 PVID is changed from VLAN 1 (the DEFAULT-VLAN) to VLAN
102. If authentication for the PC fails, then the PC can be placed in a specified "restricted" VLAN, or
traffic from the PC can be blocked in hardware. In this example, if authentication for the PC fails, the
PC would be placed in VLAN 1023, the restricted VLAN.

If authentication for the IP phone is successful, then port e1 is added to VLAN 3. If authentication for
the IP phone fails, then traffic from the IP phone would be blocked in hardware. (Devices sending
tagged traffic cannot be placed in the restricted VLAN.)

The portion of the running-config related to multi-device port authentication is as follows.

mac-authentication enable

mac-authentication auth-fail-vlan-id 1023

interface ethernet 1

dual-mode

mac-authentication enable

Multi-Device Port Authentication

282

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

Advertising
See also other documents in the category Brocade Computer Accessories: