Brocade Communications Systems Brocade ICX 6650 6650 Manuel D’Utilisation

Multi-device port authentication and 802.1X security on the same port

4. If the Foundry-802_1x-enable VSA is present in the Access-Accept message, and is set to 0, 

then 802.1X authentication is skipped. The device is authenticated, and any dynamic VLANs 
specified in the Access-Accept message returned during multi-device port authentication are 
applied to the port.

5. If 802.1X authentication is performed on the device, and is successful, then dynamic VLANs or 

ACLs specified in the Access-Accept message returned during 802.1X authentication are 
applied to the port.

If multi-device port authentication fails for a device, then by default traffic from the device is either 
blocked in hardware, or the device is placed in a restricted VLAN. You can optionally configure the 
Brocade device to perform 802.1X authentication on a device when it fails multi-device port 
authentication. Refer to 

 on page 265 for a sample configuration where this is used.

Configuring Brocade-specific attributes on the
RADIUS server

If the RADIUS authentication process is successful, the RADIUS server sends an Access-Accept 
message to the Brocade device, authenticating the device. The Access-Accept message can 
include Vendor-Specific Attributes (VSAs) that specify additional information about the device. If 
you are configuring multi-device port authentication and 802.1X authentication on the same port, 
then you can configure the Brocade VSAs listed in 

 on the RADIUS server.

You add these Brocade vendor-specific attributes to your RADIUS server configuration, and 
configure the attributes in the individual or group profiles of the devices that will be authenticated. 
The Brocade Vendor-ID is 1991, with Vendor-Type 1.