Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
Brocade ICX 6650 Security Configuration Guide
175
53-1002601-01
802.1X port security configuration
To activate authentication on an 802.1X-enabled interface, you configure the interface to place its
controlled port in the authorized state when a Client is authenticated by an Authentication Server.
To do this, enter commands such as the following.
controlled port in the authorized state when a Client is authenticated by an Authentication Server.
To do this, enter commands such as the following.
Brocade(config)# interface ethernet 1/3/1
Brocade(config-if-e10000-1/3/1)# dot1x port-control auto
Brocade(config-if-e10000-1/3/1)# dot1x port-control auto
Syntax: [no] dot1x port-control [force-authorized | force-unauthorized | auto]
When an interface control type is set to auto, the controlled port is initially set to unauthorized, but
is changed to authorized when the connecting Client is successfully authenticated by an
Authentication Server.
is changed to authorized when the connecting Client is successfully authenticated by an
Authentication Server.
The port control type can be one of the following:
force-authorized – The controlled port is placed unconditionally in the authorized state, allowing all
traffic. This is the default state for ports on the Brocade device.
traffic. This is the default state for ports on the Brocade device.
force-unauthorized – The controlled port is placed unconditionally in the unauthorized state.
auto – The controlled port is unauthorized until authentication takes place between the Client and
Authentication Server. Once the Client passes authentication, the port becomes authorized. This
activates authentication on an 802.1X-enabled interface.
Authentication Server. Once the Client passes authentication, the port becomes authorized. This
activates authentication on an 802.1X-enabled interface.
NOTE
You cannot enable 802.1X port security on ports that have any of the following features enabled:
•
Link aggregation
•
Metro Ring Protocol (MRP)
•
Mirror port
•
Trunk port
Configuring periodic re-authentication
You can configure the device to periodically re-authenticate Clients connected to 802.1X-enabled
interfaces. When you enable periodic re-authentication, the device re-authenticates Clients every
3,600 seconds by default. You can optionally specify a different re-authentication interval of
between 1 – 4294967295 seconds.
interfaces. When you enable periodic re-authentication, the device re-authenticates Clients every
3,600 seconds by default. You can optionally specify a different re-authentication interval of
between 1 – 4294967295 seconds.
To configure periodic re-authentication using the default interval of 3,600 seconds, enter the
following command.
following command.
Brocade(config-dot1x)# re-authentication
Syntax: [no] re-authentication
To configure periodic re-authentication with an interval of 2,000 seconds, enter the following
commands.
commands.
Brocade(config-dot1x)# re-authentication
Brocade(config-dot1x)# timeout re-authperiod 2000
Brocade(config-dot1x)# timeout re-authperiod 2000
Syntax: [no] timeout re-authperiod seconds