Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario

Chapter

6

802.1X Port Security

 lists 802.1X port security features that are supported on Brocade ICX 6650. These 

features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software 
images, except where explicitly noted.

IETF RFC support 

Brocade ICX 6650 supports the IEEE 802.1X standard for authenticating devices attached to LAN 
ports. Using 802.1X port security, you can configure a Brocade ICX 6650 device to grant access to 
a port based on information supplied by a client to an authentication server.

When a user logs on to a network that uses 802.1X port security, the Brocade device grants (or 
does not grant) access to network services after the user is authenticated by an authentication 
server. The user-based authentication in 802.1X port security provides an alternative to granting 
network access based on a user IP address, MAC address, or subnetwork.

The Brocade implementation of 802.1X port security supports the following RFCs:

•

RFC 2284 PPP Extensible Authentication Protocol (EAP)

•

RFC 2865 Remote Authentication Dial In User Service (RADIUS)

•

RFC 2869 RADIUS Extensions

TABLE 24

Supported 802.1X port security features

Feature

Brocade ICX 6650

802.1X port security

Yes

Multiple host authentication

Yes

EAP pass-through support

Yes

802.1X accounting

Yes

802.1X dynamic assignment for ACL, MAC 
address filter, and VLAN

Yes

Automatic removal of Dynamic VLAN for 
802.1X ports

Yes

RADIUS timeout action

Yes

802.1X and multi-device port 
authentication on the same port

Yes

802.1X and sFlow

•

802.1X username export support for 
encrypted and non-encrypted EAP 
types

Yes