Configuring 802.1x global settings, Figure 220 confi – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Configuring 802.1X Port Authentication

FIGURE 220 Configuring Port Security

The operation of 802.1X on the switch requires the following:

• The switch must have an IP address assigned.

• RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.

• 802.1X must be enabled globally for the switch.

• Each switch port that will be used must be set to dot1X “Auto” mode.

• Each client that needs to be authenticated must have dot1X client software installed and properly configured.

• The RADIUS server and 802.1X client must support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)

• The RADIUS server and client must also support the same EAP authentication type – MD5, PEAP, TLS, or TTLS. (Native support for these EAP types is provided in Windows 7, Vista and XP, and in Windows 2000 with Service Pack 4. To support them in Windows 95 and 98, you can use the AEGIS dot1x client or other comparable client software.)

Configuring 802.1X Global Settings

Use the Security > Port Authentication (Configure Global) page to configure IEEE 802.1X port
authentication. The 802.1X protocol must be enabled globally for the switch system before port
settings are active.

CLI References

• “802.1X Port Authentication” on page 175

Parameters

These parameters are displayed:

• System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled)

• EAPOL Pass Through – Passes EAPOL frames through to all ports in STP forwarding state when dot1x is globally disabled. (Default: Disabled)

[Diagram: authentication exchange between the 802.1x client and the RADIUS server, with the steps listed below]

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.
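
The frames exchanged in steps 2, 3 and 7 can be checked in a packet capture with a small EAPOL decoder. This is an added example, not taken from the Brocade manual; the field layout follows IEEE 802.1X and RFC 3748, and the MAC addresses, the identity "alice" and the helper names are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType assigned to IEEE 802.1X (EAPOL)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "TLS", 21: "TTLS", 25: "PEAP"}

def parse_eapol(raw):
    """Decode one untagged Ethernet frame carrying EAPOL; raise ValueError if malformed."""
    if len(raw) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", raw[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    body = raw[18:18 + body_len]  # slicing by length ignores Ethernet padding
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    out = {"eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"), "version": version}
    if ptype != 0:
        return out  # Start/Logoff/Key frames carry no EAP packet
    if body_len < 4:
        raise ValueError("EAP header truncated")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > body_len:
        raise ValueError("EAP length inconsistent with EAPOL body")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):  # only Request/Response carry a method type and data
        if eap_len < 5:
            raise ValueError("Request/Response without a type byte")
        out["method"] = EAP_METHODS.get(body[4], f"type-{body[4]}")
        out["data"] = body[5:eap_len]
    return out

def eap(code, ident, method=None, data=b""):
    """Build an EAP packet (helper for the constructed samples)."""
    payload = bytes([method]) + data if method is not None else b""
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def build_frame(src, eapol_type, eap_pkt=b""):
    """Build an EAPOL frame sent to the PAE group address 01:80:C2:00:00:03."""
    hdr = struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, eapol_type, len(eap_pkt))
    return bytes.fromhex("0180c2000003") + src + hdr + eap_pkt

# Constructed samples: step 2 (identity request), step 3 (identity response),
# step 7 (EAP-Success relayed to the client).
SWITCH, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLES = [build_frame(SWITCH, 0, eap(1, 7, 1)),
           build_frame(CLIENT, 0, eap(2, 7, 1, b"alice")),
           build_frame(SWITCH, 0, eap(3, 9))]
```

The Response must echo the identifier of the Request it answers (7 in the samples), which is a quick consistency check when reading a capture.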