802.1X port security configuration

To activate authentication on an 802.1X-enabled interface, you configure the interface to place its controlled port in the authorized state when a Client is authenticated by an Authentication Server. To do this, enter commands such as the following.

Brocade(config)# interface ethernet 1/3/1

Brocade(config-if-e10000-1/3/1)# dot1x port-control auto

Syntax: [no] dot1x port-control [force-authorized force-unauthorized auto]

When an interface control type is set to auto, the controlled port is initially set to unauthorized, but is changed to authorized when the connecting Client is successfully authenticated by an Authentication Server.

The port control type can be one of the following:

force-authorized– The controlled port is placed unconditionally in the authorized state, allowing all traffic. This is the default state for ports on the Brocade device.

force-unauthorized– The controlled port is placed unconditionally in the unauthorized state.

auto – The controlled port is unauthorized until authentication takes place between the Client and Authentication Server. Once the Client passes authentication, the port becomes authorized. This activates authentication on an 802.1X-enabled interface.

NOTE

You cannot enable 802.1X port security on ports that have any of the following features enabled:

Link aggregation

Metro Ring Protocol (MRP)

Mirror port

Trunk port

Configuring periodic re-authentication

You can configure the device to periodically re-authenticate Clients connected to 802.1X-enabled interfaces. When you enable periodic re-authentication, the device re-authenticates Clients every 3,600 seconds by default. You can optionally specify a different re-authentication interval of between 1 – 4294967295 seconds.

To configure periodic re-authentication using the default interval of 3,600 seconds, enter the following command.

Brocade(config-dot1x)# re-authentication

Syntax: [no] re-authentication

To configure periodic re-authentication with an interval of 2,000 seconds, enter the following commands.

Brocade(config-dot1x)# re-authentication

Brocade(config-dot1x)# timeout re-authperiod 2000

Syntax: [no] timeout re-authperiod seconds

Brocade ICX 6650 Security Configuration Guide

175

53-1002601-01

 

Page 195
Image 195
Brocade Communications Systems 6650 manual Configuring periodic re-authentication, Syntax no re-authentication