Brocade ICX 6650 Security Configuration Guide
53-1002601-01
802.1X port security configuration
Re-authenticate a user
To configure RADIUS timeout behavior to bypass multi-device port authentication and permit user
access to the network, enter commands similar to the following:
Brocade(config)# interface ethernet 1/3/1
Brocade(config-if-e10000-1/3/1)# dot1x re-auth-timeout-success 60
Syntax: [no] dot1x re-auth-timeout-success seconds
The seconds parameter specifies the number of seconds the device will wait to re-authenticate a
user after a timeout. The minimum value is 10 seconds. The maximum value is 2^16 - 1 (maximum
unsigned 16-bit value).
Deny user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and block user access to the
network, enter commands such as the following:
Brocade(config)# interface ethernet 1/3/1
Brocade(config-if-e10000-1/3/1)# dot1x auth-timeout-action failure
Syntax: [no] dot1x auth-timeout-action failure
Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
NOTE
If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a
VLAN with restricted or limited access. Refer to
Allow user access to a restricted VLAN after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and place the user in a VLAN
with restricted or limited access, enter commands such as the following:
Brocade(config)# interface ethernet 1/3/1
Brocade(config-if-e10000-1/3/1)# dot1x auth-timeout-action failure
Syntax: [no] dot1x auth-timeout-action failure
NOTE
The commands auth-fail-action restrict-vlan and auth-fail-vlanid are supported in the global dot1x
mode and are not supported at the port level. The failure action of dot1x auth-timeout-action failure
follows the auth-fail-action defined at the global dot1x level.
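The following audit sketch is an added example, not part of the Brocade guide. It works out each port's effective behavior during a RADIUS outage from the commands described above, including the rule that a port-level failure action follows the global auth-fail-action. The function name and the sample configuration are constructed, the stanza layout (a global dot1x-enable block, "!" separators) is an assumption, and the success keyword of auth-timeout-action is assumed from the same command family because this section does not show it.

```python
import re

# Constructed sample config. The layout (a global "dot1x-enable" stanza,
# "!" separators) is an assumption, not copied from the guide.
SAMPLE_CONFIG = """\
dot1x-enable
 auth-fail-action restrict-vlan
 auth-fail-vlanid 300
!
interface ethernet 1/3/1
 dot1x auth-timeout-action failure
!
interface ethernet 1/3/2
 dot1x auth-timeout-action success
 dot1x re-auth-timeout-success 5
!
interface ethernet 1/3/3
!
"""

def audit_radius_timeout(config):
    """Return {port: (behaviour_on_radius_timeout, [warnings])}."""
    # auth-fail-action restrict-vlan is global-only per the guide's NOTE.
    restrict = bool(re.search(r"^ +auth-fail-action restrict-vlan\s*$", config, re.M))
    results = {}
    for stanza in re.split(r"^!\s*$", config, flags=re.M):
        head = re.search(r"^interface ethernet (\S+)", stanza, re.M)
        if not head:
            continue  # global stanza or blank remainder
        warnings = []
        action = re.search(r"^ +dot1x auth-timeout-action (\S+)", stanza, re.M)
        if action is None:
            behaviour = "retry"  # default once the failure action is removed
        elif action.group(1) == "failure":
            # Port-level failure follows the global auth-fail-action.
            behaviour = "restricted-vlan" if restrict else "blocked"
        else:  # "success" keyword: assumed, not shown in this section
            behaviour = "permitted"
            warnings.append("fail-open: a RADIUS outage grants network access")
        timer = re.search(r"^ +dot1x re-auth-timeout-success (\d+)", stanza, re.M)
        if timer and not 10 <= int(timer.group(1)) <= 2**16 - 1:
            warnings.append("re-auth-timeout-success outside 10..2^16-1")
        results[head.group(1)] = (behaviour, warnings)
    return results

if __name__ == "__main__":
    for port, (behaviour, warnings) in audit_radius_timeout(SAMPLE_CONFIG).items():
        print(port, behaviour, warnings)
```

Ports reported as permitted are the ones to review first, since an unreachable RADIUS server leaves them open to unauthenticated clients.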
Dynamic VLAN assignment for 802.1X port configuration
When a client successfully completes the EAP authentication process, the Authentication Server
(the RADIUS server) sends the Authenticator (the Brocade device) a RADIUS Access-Accept
message that grants the client access to the network. The RADIUS Access-Accept message
contains attributes set for the user in the user's access profile on the RADIUS server.