Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Multi-device port authentication configuration
If neither of these VSAs exists in a device profile on the RADIUS server, then by default the device is subject to multi-device port authentication (if configured), then 802.1X authentication (if configured). The RADIUS record can be used for both multi-device port authentication and 802.1X authentication.
Configuration examples are shown in 
Multi-device port authentication configuration
Configuring multi-device port authentication on the Brocade device consists of the following tasks:
Enabling multi-device port authentication globally and on individual interfaces
Specifying the format of the MAC addresses sent to the RADIUS server (optional)
Specifying the authentication-failure action (optional)
Enabling and disabling SNMP traps for multi-device port authentication
Defining MAC address filters (optional)
Configuring dynamic VLAN assignment (optional)
Dynamically Applying IP ACLs to authenticated MAC addresses
Enabling denial of service attack protection (optional)
TABLE 55 Brocade vendor-specific attributes for RADIUS

| Attribute name | Attribute ID | Data type | Description |
|---|---|---|---|
| Foundry-802_1x-enable | 6 | integer | Specifies whether 802.1X authentication is performed when multi-device port authentication is successful for a device. This attribute can be set to one of the following: 0 - Do not perform 802.1X authentication on a device that passes multi-device port authentication. Set the attribute to zero for devices that do not support 802.1X authentication. 1 - Perform 802.1X authentication when a device passes multi-device port authentication. Set the attribute to one for devices that support 802.1X authentication. |
| Foundry-802_1x-valid | 7 | integer | Specifies whether the RADIUS record is valid only for multi-device port authentication, or for both multi-device port authentication and 802.1X authentication. This attribute can be set to one of the following: 0 - The RADIUS record is valid only for multi-device port authentication. Set this attribute to zero to prevent a user from using their MAC address as username and password for 802.1X authentication. 1 - The RADIUS record is valid for both multi-device port authentication and 802.1X authentication. |
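
The following is an added example, not code from the Brocade guide: it decodes the two attributes of Table 55 from the raw attributes of a RADIUS reply and reports which device profiles still let a MAC address serve as 802.1X credentials. The vendor ID 1991 (Foundry's IANA enterprise number), the function names, the sample profiles, and the handling of a profile that carries only one of the two attributes are assumptions of the example.

```python
import struct

VSA_TYPE = 26               # RADIUS Vendor-Specific attribute (RFC 2865)
FOUNDRY_VENDOR_ID = 1991    # assumption: Foundry's IANA enterprise number, not given on the page
ENABLE_ID, VALID_ID = 6, 7  # attribute IDs from Table 55

def encode_vsa(attr_id, value):
    """Encode one Foundry integer sub-attribute inside a Vendor-Specific attribute."""
    sub = struct.pack("!BBI", attr_id, 6, value)
    return struct.pack("!BBI", VSA_TYPE, 6 + len(sub), FOUNDRY_VENDOR_ID) + sub

def walk_tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value attributes."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def foundry_vsas(attrs):
    """Return {attribute ID: integer} for Foundry sub-attributes in raw RADIUS attributes."""
    found = {}
    for atype, body in walk_tlvs(attrs):
        is_vsa = atype == VSA_TYPE and len(body) >= 4
        if is_vsa and struct.unpack("!I", body[:4])[0] == FOUNDRY_VENDOR_ID:
            for sub_id, val in walk_tlvs(body[4:]):
                if len(val) == 4:
                    found[sub_id] = struct.unpack("!I", val)[0]
    return found

def evaluate(attrs):
    """Apply Table 55 and the default described in the text to one device profile."""
    vsas = foundry_vsas(attrs)
    # Both absent: 802.1X follows MAC authentication and the record serves both (page default).
    # Only one absent: treating it as 1 as well is an assumption of this example.
    enable, valid = vsas.get(ENABLE_ID, 1), vsas.get(VALID_ID, 1)
    return {"dot1x_after_mac_auth": enable == 1,
            "record_valid_for_dot1x": valid == 1,
            # valid != 0 leaves the MAC address usable as 802.1X username and password
            "mac_reusable_as_dot1x_credentials": valid != 0}

# Constructed sample profiles (not from the guide)
PRINTER = encode_vsa(ENABLE_ID, 0) + encode_vsa(VALID_ID, 0)
LAPTOP = encode_vsa(ENABLE_ID, 1) + encode_vsa(VALID_ID, 1)
NO_VSAS = bytes([18, 4]) + b"ok"   # a Reply-Message attribute only

if __name__ == "__main__":
    for name, attrs in (("printer", PRINTER), ("laptop", LAPTOP), ("no VSAs", NO_VSAS)):
        print(name, evaluate(attrs))
```

A profile for a device that cannot run 802.1X should evaluate like the printer sample, with all three fields false.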