Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual

53-1002651-02
Configuring 802.1X Port Authentication
• Multi-Host – Allows multiple hosts to connect to this port.
In this mode, only one host connected to a port needs to pass authentication for all other
hosts to be granted network access. Similarly, a port can become unauthorized for all
hosts if one attached host fails re-authentication or sends an EAPOL logoff message.
• MAC-Based – Allows multiple hosts to connect to this port, with each host needing to be
authenticated.
In this mode, each host connected to a port needs to pass authentication. The number of
hosts allowed access to a port operating in this mode is limited only by the available space
in the secure address table (i.e., up to 1024 addresses).
• Max MAC Count – The maximum number of hosts that can connect to a port when the
Multi-Host operation mode is selected. (Range: 1-1024; Default: 5)
• Max Request – Sets the maximum number of times the switch port will retransmit an EAP
request packet to the client before it times out the authentication session. (Range: 1-10;
Default: 2)
• Quiet Period – Sets the time that a switch port waits after the Max Request Count has been
exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60
seconds)
• Tx Period – Sets the time period during an authentication session that the switch waits before
re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds)
• Supplicant Timeout – Sets the time that a switch port waits for a response to an EAP request
from a client before re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds)
This command attribute sets the timeout for EAP-request frames other than
EAP-request/identity frames. If dot1x authentication is enabled on a port, the switch will
initiate authentication when the port link state comes up. It will send an EAP-request/identity
frame to the client to request its identity, followed by one or more requests for authentication
information. It may also send other EAP-request frames to the client during an active
connection as required for reauthentication.
• Server Timeout – Sets the time that a switch port waits for a response to an EAP request from
an authentication server before re-transmitting an EAP packet. (Default: 0 seconds)
A RADIUS server must be set before the correct operational value of 10 seconds will be
displayed in this field. (See “Configuring Remote Logon Authentication Servers”.)
• Re-authentication Status – Sets the client to be re-authenticated after the interval specified by
the Re-authentication Period. Re-authentication can be used to detect if a new device is
plugged into a switch port. (Default: Disabled)
• Re-authentication Period – Sets the time period after which a connected client must be
re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds)
• Re-authentication Max Retries – The maximum number of times the switch port will retransmit
an EAP request/identity packet to the client before it times out the authentication session.
(Range: 1-10; Default: 2)
• Intrusion Action – Sets the port’s response to a failed authentication.
  • Block Traffic – Blocks all non-EAP traffic on the port. (This is the default setting.)
  • Guest VLAN – All traffic for the port is assigned to a guest VLAN. The guest VLAN must be
  separately configured (See on page 752) and mapped on each
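
The difference between the Multi-Host and MAC-Based operation modes described above can be seen by replaying the same events against both. This is an added example, not code from the guide or the switch firmware; the `Port` class, the `replay` helper, the event names and the sample MAC labels are hypothetical, and the model assumes that any one host's failure closes a Multi-Host port and that hosts beyond the limit are not learned.

```python
# Added illustration, not Brocade firmware code: toy model of port access per mode.
MAC_TABLE_LIMIT = 1024  # secure address table size given in the guide

class Port:
    def __init__(self, mode, max_mac_count=5):  # 5 = guide's Max MAC Count default
        if mode not in ("multi-host", "mac-based"):
            raise ValueError(mode)
        self.mode = mode
        self.limit = max_mac_count if mode == "multi-host" else MAC_TABLE_LIMIT
        self.seen = []             # hosts learned on the port, in arrival order
        self.authenticated = set()
        self.authorized = False    # port-wide state, used in multi-host mode

    def attach(self, mac):
        # Assumption: hosts beyond the mode's limit are simply not learned.
        if mac not in self.seen and len(self.seen) < self.limit:
            self.seen.append(mac)

    def auth_success(self, mac):
        self.attach(mac)
        if mac in self.seen:
            self.authenticated.add(mac)
            self.authorized = True

    def auth_fail_or_logoff(self, mac):
        # Failed re-authentication and EAPOL logoff are treated alike here.
        self.authenticated.discard(mac)
        if self.mode == "multi-host":
            # Assumption: any one host's failure closes the port for all hosts.
            self.authorized = False
            self.authenticated.clear()

    def allowed(self):
        """Hosts whose non-EAP traffic the port currently forwards."""
        if self.mode == "multi-host":
            return list(self.seen) if self.authorized else []
        return [m for m in self.seen if m in self.authenticated]

def replay(mode, events, **kw):
    """Apply (action, mac) events; return the allowed hosts after each one."""
    port, trace = Port(mode, **kw), []
    for action, mac in events:
        getattr(port, action)(mac)
        trace.append(port.allowed())
    return trace

# Constructed scenario: one 802.1X client (aa) and one silent host (bb) on a hub.
EVENTS = [("attach", "bb"), ("auth_success", "aa"), ("auth_fail_or_logoff", "aa")]
```

Calling `replay("multi-host", EVENTS)` and `replay("mac-based", EVENTS)` shows the silent host gaining access only in Multi-Host mode, which is why Max MAC Count and re-authentication matter most on ports left in that mode.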