Configuring port authenticator settings for 802.1x – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual
Page 940
890
Brocade 6910 Ethernet Access Switch Configuration Guide
53-1002581-01
Configuring 802.1X Port Authentication
41
Configuring Port Authenticator Settings for 802.1X
Use the Security > Port Authentication (Configure Interface – Authenticator) page to configure
802.1X port settings for the switch as the local authenticator. When 802.1X is enabled, you need to
configure the parameters for the authentication process that runs between the client and the
switch (i.e., authenticator), as well as the client identity lookup process that runs between the
switch and authentication server.
CLI References
•
Command Usage
•
When the switch functions as a local authenticator between supplicant devices attached to the
switch and the authentication server, configure the parameters for the exchange of EAP
messages between the authenticator and clients on the Authenticator configuration page.
•
When devices attached to a port must submit requests to another authenticator on the
network, configure the Identity Profile parameters on the Configure Global page (see
“Configuring 802.1X Global Settings”
on page 888) which identify this switch as a supplicant,
and configure the supplicant parameters for those ports which must authenticate clients
through the remote authenticator (see
“Configuring Port Supplicant Settings for 802.1X”
•
This switch can be configured to serve as the authenticator on selected ports by setting the
Control Mode to Auto on this configuration page, and as a supplicant on other ports by the
setting the control mode to Force-Authorized on this page and enabling the PAE supplicant on
the Supplicant configuration page.
Parameters
These parameters are displayed:
•
Port – Port number.
•
Status – Indicates if authentication is enabled or disabled on the port. The status is disabled if
the control mode is set to Force-Authorized.
•
Authorized – Displays the 802.1X authorization status of connected clients.
•
Yes – Connected client is authorized.
•
N/A – Connected client is not authorized, or port is not connected.
•
Supplicant – Indicates the MAC address of a connected client.
•
Control Mode – Sets the authentication mode to one of the following options:
•
Auto – Requires a dot1x-aware client to be authorized by the authentication server. Clients
that are not dot1x-aware will be denied access.
•
Force-Authorized – Forces the port to grant access to all clients, either dot1x-aware or
otherwise. (This is the default setting.)
•
Force-Unauthorized – Forces the port to deny access to all clients, either dot1x-aware or
otherwise.
•
Operation Mode – Allows single or multiple hosts (clients) to connect to an 802.1X-authorized
port. (Default: Single-Host)
•
Single-Host – Allows only a single host to connect to this port.