Brocade Communications Systems 53-1001761-01 사용자 설명서

Chapter

10

Configuring 802.1x Port Authentication 

In this chapter

•

•

•

•

802.1x protocol overview

The 802.1x protocol defines a port-based authentication algorithm involving network data 
communication between client-based supplicant software, an authentication database on a server, 
and the authenticator device. In this situation the authenticator device is the Brocade FCoE 
hardware.

As the authenticator, the Brocade FCoE hardware prevents unauthorized network access. Upon 
detection of the new supplicant, the Brocade FCoE hardware enables the port and marks it 
“unauthorized”. In this state, only 802.1x traffic is allowed. All other traffic, such as DHCP and 
HTTP, is blocked. The Brocade FCoE hardware transmits an EAP-request to the supplicant, which 
responds with the EAP-response packet. The Brocade FCoE hardware, which then forwards the 
EAP-response packet to the RADIUS authentication server. If the credentials are validated by the 
RADIUS server database, the supplicant may access the protected network resources.

NOTE
802.1x port authentication is not supported by LAG (Link Aggregation Group) or interfaces that 
participate in a LAG.

NOTE

The EAP-MD5, EAP-TLS, EAP-TTLS and PEAP-v0 protocols are supported by the RADIUS server and 
are transparent to the authenticator switch.

When the supplicant logs off, it sends an EAP-logoff message to the Brocade FCoE hardware which 
then sets the port back to the “unauthorized” state.

802.1x configuration guidelines and restrictions

Follow these 802.1x configuration guidelines and restrictions when configuring 802.1x:

•

If you globally disable 802.1x, then all interface ports with 802.1x authentication enabled 
automatically switch to force-authorized port-control mode.