Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide

1027

53-1002484-04

Example configurations

32

Since there is no profile for the PC MAC address on the RADIUS server, multi-device port
authentication for this MAC address fails. Ordinarily, this would mean that the PVID for the port
would be changed to that of the restricted VLAN, or traffic from this MAC would be blocked in
hardware. However, the device is configured to perform 802.1X authentication when a device fails
multi-device port authentication, so when User 1 attempts to connect to the network from the PC,
he is subject to 802.1X authentication. If User 1 is successfully authenticated, the PVID for port e
1/4 is changed to the VLAN named “User-VLAN”.

NOTE

This example assumes that the IP phone initially transmits untagged packets (for example, CDP or
DHCP packets), which trigger the authentication process on the Brocade device and client lookup
on the RADIUS server. If the phone sends only tagged packets and the port (e 1/4) is not a member
of that VLAN, authentication would not occur. In this case, port e 1/4 must be added to that VLAN
prior to authentication.

To configure the device to perform 802.1X authentication when a device fails multi-device port
authentication, enter the following command.

BigIron RX(config)#mac-authentication auth-fail-dot1x-override

Syntax: [no] mac-authentication auth-fail-dot1x-override