User guide

Brocade 6910 Ethernet Access Switch Configuration Guide 175
53-1002581-01
802.1X Port Authentication
The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized
access to the network by requiring users to first submit credentials for authentication. Client
authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication
Protocol).
TABLE 45 802.1X Port Authentication Commands

| Command | Function | Mode |
|---|---|---|
| General Commands | | |
| dot1x default | Resets all dot1x parameters to their default values | GC |
| dot1x eapol-pass-through | Passes EAPOL frames to all ports in STP forwarding state when dot1x is globally disabled | GC |
| dot1x system-auth-control | Enables dot1x globally on the switch | GC |
| Authenticator Commands | | |
| dot1x intrusion-action | Sets the port response to intrusion when authentication fails | IC |
| dot1x max-reauth-req | Sets the maximum number of times that the switch sends an EAP-request/identity frame to the client before restarting the authentication process | IC |
| dot1x max-req | Sets the maximum number of times that the switch retransmits an EAP request/identity packet to the client before it times out the authentication session | IC |
| dot1x operation-mode | Allows single or multiple hosts on a dot1x port | IC |
| dot1x port-control | Sets dot1x mode for a port interface | IC |
| dot1x re-authentication | Enables re-authentication for all ports | IC |
| dot1x timeout quiet-period | Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client | IC |
| dot1x timeout re-authperiod | Sets the time period after which a connected client must be re-authenticated | IC |
| dot1x timeout supp-timeout | Sets the interval for a supplicant to respond | IC |
| dot1x timeout tx-period | Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet | IC |
| dot1x re-authenticate | Forces re-authentication on specific ports | PE |
| Supplicant Commands | | |
| dot1x identity profile | Configures dot1x supplicant user name and password | GC |
| dot1x max-start | Sets the maximum number of times that a port supplicant will send an EAP start frame to the client | IC |
| dot1x pae supplicant | Enables dot1x supplicant mode on an interface | IC |
| dot1x timeout auth-period | Sets the time that a supplicant port waits for a response from the authenticator | IC |
| dot1x timeout held-period | Sets the time a port waits after the maximum start count has been exceeded before attempting to find another authenticator | IC |
| dot1x timeout start-period | Sets the time that a supplicant port waits before resending an EAPOL start frame to the authenticator | IC |