Chapter

Configuring 802.1x Port Authentication

12

 

 

 

In this chapter

802.1x protocol overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

802.1x configuration guidelines and restrictions . . . . . . . . . . . . . . . . . . . . 123

802.1x authentication configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . 124

Interface-specific administrative tasks for 802.1x . . . . . . . . . . . . . . . . . . . 124

802.1x protocol overview

The 802.1x protocol defines a port-based authentication algorithm involving network data communication between client-based supplicant software, an authentication database on a server, and the authenticator device. In this situation the authenticator device is the Brocade FCoE hardware.

As the authenticator, the Brocade FCoE hardware prevents unauthorized network access. Upon detection of the new supplicant, the Brocade FCoE hardware enables the port and marks it “unauthorized”. In this state, only 802.1x traffic is allowed. All other traffic, such as DHCP and HTTP, is blocked. The Brocade FCoE hardware transmits an EAP-request to the supplicant, which responds with the EAP-response packet. The Brocade FCoE hardware, which then forwards the EAP-response packet to the RADIUS authentication server. If the credentials are validated by the RADIUS server database, the supplicant may access the protected network resources.

NOTE

802.1x port authentication is not supported by LAG (Link Aggregation Group) or interfaces that participate in a LAG.

NOTE

The EAP-MD5, EAP-TLS, EAP-TTLS and PEAP-v0 protocols are supported by the RADIUS server and are transparent to the authenticator switch.

When the supplicant logs off, it sends an EAP-logoff message to the Brocade FCoE hardware which then sets the port back to the “unauthorized” state.

802.1x configuration guidelines and restrictions

Follow these 802.1x configuration guidelines and restrictions when configuring 802.1x:

If you globally disable 802.1x, then all interface ports with 802.1x authentication enabled automatically switch to force-authorized port-control mode.

Converged Enhanced Ethernet Administrator’s Guide

123

53-1002163-02

 

Page 145
Image 145
Brocade Communications Systems 53-1002163-02 manual Configuring 802.1x Port Authentication, 802.1x protocol overview