Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
164
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
802.1X port security configuration
Configuring an authentication method list for 802.1X
To use 802.1X port security, you must specify an authentication method to be used to authenticate
Clients. Brocade supports RADIUS authentication with 802.1X port security. To use RADIUS
authentication with 802.1X port security, you create an authentication method list for 802.1X and
specify RADIUS as an authentication method, then configure communication between the Brocade
device and RADIUS server.
Clients. Brocade supports RADIUS authentication with 802.1X port security. To use RADIUS
authentication with 802.1X port security, you create an authentication method list for 802.1X and
specify RADIUS as an authentication method, then configure communication between the Brocade
device and RADIUS server.
Example
Brocade(config)# aaa authentication dot1x default radius
Syntax: [no] aaa authentication dot1x default method-list
For the method-list, enter at least one of the following authentication methods
radius – Use the list of all RADIUS servers that support 802.1X for authentication.
none – Use no authentication. The Client is automatically authenticated by other means, without
the device using information supplied by the Client.
the device using information supplied by the Client.
NOTE
If you specify both radius and none, make sure radius comes before none in the method list.
Setting RADIUS parameters
To use a RADIUS server to authenticate access to a Brocade device, you must identify the server to
the Brocade device.
the Brocade device.
Example
Brocade(config)# radius-server host 10.157.22.99 auth-port 1812 acct-port 1813
default key mirabeau dot1x
default key mirabeau dot1x
Syntax: radius-server host ip-addr | ipv6-addr | server-name [auth-port num | acct-port num |
default] [key 0 | 1 string] [dot1x]
The host ip-addr | ipv6-addr | server-name parameter is either an IP address or an ASCII text
string.
string.
The dot1x parameter indicates that this RADIUS server supports the 802.1X standard. A RADIUS
server that supports the 802.1X standard can also be used to authenticate non-802.1X
authentication requests.
server that supports the 802.1X standard can also be used to authenticate non-802.1X
authentication requests.
NOTE
To implement 802.1X port security, at least one of the RADIUS servers identified to the Brocade
device must support the 802.1X standard.
To implement 802.1X port security, at least one of the RADIUS servers identified to the Brocade
device must support the 802.1X standard.
Supported RADIUS attributes
Many IEEE 802.1X Authenticators will function as RADIUS clients. Some of the RADIUS attributes
may be received as part of IEEE 802.1X authentication. Brocade devices support the following
RADIUS attributes for IEEE 802.1X authentication:
may be received as part of IEEE 802.1X authentication. Brocade devices support the following
RADIUS attributes for IEEE 802.1X authentication:
•
Username (1) – RFC 2865