802.1X port security configuration

Enabling 802.1X port security

By default, 802.1X port security is disabled on Brocade devices. To enable the feature on the device and enter the dot1x configuration level, enter the following command.

Brocade(config)# dot1x-enable

Brocade(config-dot1x)#

Syntax: [no] dot1x-enable

At the dot1x configuration level, you can enable 802.1X port security on all interfaces at once, on individual interfaces, or on a range of interfaces.

For example, to enable 802.1X port security on all interfaces on the device, enter the following command.

Brocade(config-dot1x)# enable all

Syntax: [no] enable all

To enable 802.1X port security on interface 1/3/11, enter the following command.

Brocade(config-dot1x)# enable ethernet 1/3/11

Syntax: [no] enable ethernet port

Specify the port variable in stack-unit/slotnum/portnumformat.

To enable 802.1X port security on interfaces 1/3/11 through 1/3/16, enter the following command.

Brocade(config-dot1x)# enable ethernet 1/3/11 to 1/3/16

Syntax: [no] enable ethernet port to port

Specify the port variable in stack-unit/slotnum/portnumformat.

Setting the port control

To activate authentication on an 802.1X-enabled interface, you specify the kind of port control to be used on the interface. An interface used with 802.1X port security has two virtual access points: a controlled port and an uncontrolled port:

The controlled port can be either the authorized or unauthorized state. In the authorized state, it allows normal traffic to pass between the Client and the Authenticator. In the unauthorized state, no traffic is allowed to pass.

The uncontrolled port allows only EAPOL traffic between the Client and the Authentication Server.

Refer to Figure 3 for an illustration of this concept.

By default, all controlled ports on the device are in the authorized state, allowing all traffic. When you activate authentication on an 802.1X-enabled interface, its controlled port is placed in the unauthorized state. When a Client connected to the interface is successfully authenticated, the controlled port is then placed in the authorized state. The controlled port remains in the authorized state until the Client logs off.

174

Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01

Page 194
Image 194
Brocade Communications Systems 6650 manual Enabling 802.1X port security, Setting the port control