802.1X port security configuration

Configuring an authentication method list for 802.1X

To use 802.1X port security, you must specify an authentication method to be used to authenticate Clients. Brocade supports RADIUS authentication with 802.1X port security. To use RADIUS authentication with 802.1X port security, you create an authentication method list for 802.1X and specify RADIUS as an authentication method, then configure communication between the Brocade device and RADIUS server.

Example

Brocade(config)# aaa authentication dot1x default radius

Syntax: [no] aaa authentication dot1x default method-list

For the method-list, enter at least one of the following authentication methods radius – Use the list of all RADIUS servers that support 802.1X for authentication.

none – Use no authentication. The Client is automatically authenticated by other means, without the device using information supplied by the Client.

NOTE

If you specify both radius and none, make sure radius comes before none in the method list.

Setting RADIUS parameters

To use a RADIUS server to authenticate access to a Brocade device, you must identify the server to the Brocade device.

Example

Brocade(config)# radius-server host 10.157.22.99 auth-port 1812 acct-port 1813 default key mirabeau dot1x

Syntax: radius-server host ip-addripv6-addrserver-name[auth-port num acct-port num default] [key 0 1 string] [dot1x]

The host ip-addr ipv6-addr server-nameparameter is either an IP address or an ASCII text string.

The dot1x parameter indicates that this RADIUS server supports the 802.1X standard. A RADIUS server that supports the 802.1X standard can also be used to authenticate non-802.1X authentication requests.

NOTE

To implement 802.1X port security, at least one of the RADIUS servers identified to the Brocade device must support the 802.1X standard.

Supported RADIUS attributes

Many IEEE 802.1X Authenticators will function as RADIUS clients. Some of the RADIUS attributes may be received as part of IEEE 802.1X authentication. Brocade devices support the following RADIUS attributes for IEEE 802.1X authentication:

Username (1) – RFC 2865

164

Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01

Page 184
Image 184
Brocade Communications Systems 6650 manual Configuring an authentication method list for, Setting Radius parameters