Configuring periodic re-authentication – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 195

Advertising
background image

Brocade ICX 6650 Security Configuration Guide

175

53-1002601-01

802.1X port security configuration

To activate authentication on an 802.1X-enabled interface, you configure the interface to place its
controlled port in the authorized state when a Client is authenticated by an Authentication Server.
To do this, enter commands such as the following.

Brocade(config)# interface ethernet 1/3/1
Brocade(config-if-e10000-1/3/1)# dot1x port-control auto

Syntax: [no] dot1x port-control [force-authorized | force-unauthorized | auto]

When an interface control type is set to auto, the controlled port is initially set to unauthorized, but
is changed to authorized when the connecting Client is successfully authenticated by an
Authentication Server.

The port control type can be one of the following:

force-authorized – The controlled port is placed unconditionally in the authorized state, allowing all
traffic. This is the default state for ports on the Brocade device.

force-unauthorized – The controlled port is placed unconditionally in the unauthorized state.

auto – The controlled port is unauthorized until authentication takes place between the Client and
Authentication Server. Once the Client passes authentication, the port becomes authorized. This
activates authentication on an 802.1X-enabled interface.

NOTE

You cannot enable 802.1X port security on ports that have any of the following features enabled:

Link aggregation

Metro Ring Protocol (MRP)

Mirror port

Trunk port

Configuring periodic re-authentication

You can configure the device to periodically re-authenticate Clients connected to 802.1X-enabled
interfaces. When you enable periodic re-authentication, the device re-authenticates Clients every
3,600 seconds by default. You can optionally specify a different re-authentication interval of
between 1 – 4294967295 seconds.

To configure periodic re-authentication using the default interval of 3,600 seconds, enter the
following command.

Brocade(config-dot1x)# re-authentication

Syntax: [no] re-authentication

To configure periodic re-authentication with an interval of 2,000 seconds, enter the following
commands.

Brocade(config-dot1x)# re-authentication
Brocade(config-dot1x)# timeout re-authperiod 2000

Syntax: [no] timeout re-authperiod seconds

Advertising
Popular Brands
Popular manuals