Example 2 – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide

53-1002484-04

Example configurations

32

When the PC is authenticated using multi-device port authentication, the port PVID is changed to
“Login-VLAN”, which is VLAN 1024 in this example.

When User 1 is authenticated using 802.1X authentication, the port PVID is changed to
“User-VLAN”, which is VLAN 3 in this example.

Example 2

The configuration in Figure 133 requires that you create a profile on the RADIUS server for each
MAC address to which a device or user can connect to the network. In a large network, this can be
difficult to implement and maintain.

As an alternative, you can create MAC address profiles only for those devices that do not support
802.1X authentication, such as IP phones and printers, and configure the device to perform
802.1X authentication for the other devices that do not have MAC address profiles, such as user
PCs. To do this, you configure the device to perform 802.1X authentication when a device fails
multi-device port authentication.

Figure 133 shows a configuration where multi-device port authentication is performed for an IP
phone, and 802.1X authentication is performed for a user PC. There is a profile on the RADIUS
server for the IP phone MAC address, but not for the PC MAC address.

FIGURE 133 802.1X Authentication is performed when a device fails multi-device port
authentication

Multi-device port authentication is initially performed for both devices. The IP phone MAC address
has a profile on the RADIUS server. This profile indicates that 802.1X authentication should be
skipped for this device, and that the device port be placed into the VLAN named “IP-Phone-VLAN”.

[Figure 133 diagram; labels recovered from the image:]

RADIUS Server
  User 0050.048e.86ac (IP Phone) Profile:
    Foundry-802_1x-enable = 0
    Tunnel-Private-Group-ID = T:IP-Phone-VLAN
  User 1 Profile:
    Tunnel-Private-Group-ID: = U:IP-User-VLAN
  No Profile for MAC 0002.3f7f.2e0a (PC)

FastIron Switch
  Port e1/4, Dual Mode
  CLI command configured: mac-authentication auth-fail-dot1x-override

Hub
  PC, MAC: 0002.3f7f.2e0a
  User 1
  IP Phone, MAC: 0050.048e.86ac

Link labels: Untagged, Tagged
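
The decision flow described above, modeled as an added Python example (not code from the Brocade guide or from the device). The profile values are copied from the Figure 133 labels; the function names, the reading of the T:/U: prefix as tagged/untagged, and the treatment of a MAC authentication failure without the override as no access are assumptions.

```python
# Added example: constructed model of the port's decision flow, not vendor code.
from dataclasses import dataclass
from typing import Optional

# RADIUS profiles keyed by user name, copied from the Figure 133 labels.
# The PC MAC 0002.3f7f.2e0a deliberately has no profile.
PROFILES = {
    "0050.048e.86ac": {"Foundry-802_1x-enable": "0",
                       "Tunnel-Private-Group-ID": "T:IP-Phone-VLAN"},
    "User 1": {"Tunnel-Private-Group-ID": "U:IP-User-VLAN"},
}

@dataclass
class Outcome:
    method: str              # "mac-auth", "802.1X" or "no-access"
    vlan: Optional[str] = None
    tagged: Optional[bool] = None

def parse_vlan(value):
    """Split 'T:name' or 'U:name' into (name, tagged).
    Assumption: T means tagged, U means untagged, no prefix means untagged."""
    prefix, sep, name = value.partition(":")
    if sep and prefix in ("T", "U"):
        return name, prefix == "T"
    return value, False

def authenticate(mac, dot1x_user=None, auth_fail_dot1x_override=True,
                 profiles=PROFILES):
    """Return the Outcome for one device on the port (hypothetical helper)."""
    mac_profile = profiles.get(mac)
    if mac_profile is None and not auth_fail_dot1x_override:
        # Assumption: without the override, a MAC auth failure ends here.
        return Outcome("no-access")
    if mac_profile and mac_profile.get("Foundry-802_1x-enable") == "0":
        # Profile says to skip 802.1X; the MAC profile alone sets the VLAN.
        vlan, tagged = parse_vlan(mac_profile["Tunnel-Private-Group-ID"])
        return Outcome("mac-auth", vlan, tagged)
    # Either MAC auth failed with the override set, or 802.1X was not skipped.
    user_profile = profiles.get(dot1x_user) if dot1x_user else None
    if user_profile is None:
        return Outcome("no-access")
    vlan, tagged = parse_vlan(user_profile["Tunnel-Private-Group-ID"])
    return Outcome("802.1X", vlan, tagged)

if __name__ == "__main__":
    print(authenticate("0050.048e.86ac"))
    print(authenticate("0002.3f7f.2e0a", dot1x_user="User 1"))
```
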
