Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide 165
53-1002601-01
802.1X port security configuration
NAS-IP-Address (4) – RFC 2865
NAS-Port (5) – RFC 2865
Service-Type (6) – RFC 2865
Filter-Id (11) – RFC 2865
Framed-MTU (12) – RFC 2865
State (24) – RFC 2865
Vendor-Specific (26) – RFC 2865
Session-Timeout (27) – RFC 2865
Termination-Action (29) – RFC 2865
Calling-Station-ID (31) – RFC 2865
NAS-Port-Type (61) – RFC 2865
Tunnel-Type (64) – RFC 2868
Tunnel-Medium-Type (65) – RFC 2868
EAP-Message (79) – RFC 2579
Message-Authenticator (80) – RFC 3579
Tunnel-Private-Group-Id (81) – RFC 2868
NAS-Port-Id (87) – RFC 2869
Specifying the RADIUS timeout action
A RADIUS timeout occurs when the Brocade device does not receive a response from a RADIUS
server within a specified time limit and after a certain number of retries. The time limit and number
of retries can be manually configured using the CLI commands radius-server timeout and
radius-server retransmit, respectively. If the parameters are not manually configured, the Brocade
device applies the defaults: a three-second time limit and a maximum of three retries.
You can better control port behavior when a RADIUS timeout occurs. That is, you can configure a
port on the Brocade device to automatically pass or fail users being authenticated. A pass
essentially bypasses the authentication process and permits user access to the network. A fail
bypasses the authentication process and blocks user access to the network, unless restrict-vlan is
configured, in which case, the user is placed into a VLAN with restricted or limited access. By
default, the Brocade device resets the authentication process and tries again to authenticate the user.
Specify the RADIUS timeout action at the Interface level of the CLI.
Permit user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and permit user access to the
network, enter commands such as the following:
Brocade(config)# interface ethernet 1/3/1
Brocade(config-if-e10000-1/3/1)# dot1x auth-timeout-action success
Syntax: [no] dot1x auth-timeout-action success
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
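Because the success action admits users whenever the RADIUS server is unreachable, it is worth auditing which ports have it set. The following is an added example, not part of the Brocade guide: a Python check that reads configuration text (a saved configuration or a pasted CLI session) and reports the effective RADIUS timeout settings and the ports that permit access on timeout. The function name, the sample text, and the assumption that interface blocks end with "!" or "exit" are illustrative.

```python
import re

# Defaults stated in this guide: three-second time limit, three retries.
DEFAULTS = {"timeout": 3, "retransmit": 3}

PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "Brocade(config)# "
IFACE_RE = re.compile(r"^interface\s+ethernet\s+(\S+)", re.I)
GLOBAL_RE = re.compile(r"^radius-server\s+(timeout|retransmit)\s+(\d+)\s*$", re.I)
ACTION_RE = re.compile(r"^(no\s+)?dot1x\s+auth-timeout-action\s+success\b", re.I)

# Constructed sample: saved-config style blocks plus a pasted CLI session.
SAMPLE = """\
radius-server timeout 5
!
interface ethernet 1/3/1
 dot1x auth-timeout-action success
!
interface ethernet 1/3/2
 dot1x auth-timeout-action success
 no dot1x auth-timeout-action success
!
interface ethernet 1/3/3
!
Brocade(config)# interface ethernet 1/3/4
Brocade(config-if-e10000-1/3/4)# dot1x auth-timeout-action success
"""


def audit(config_text):
    """Return (radius settings, sorted ports that permit access on timeout)."""
    settings = dict(DEFAULTS)
    fail_open = set()
    current = None  # interface block being read, if any
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())  # drop a CLI prompt if present
        if line.startswith("!") or line.lower() == "exit":
            current = None  # assumed end of an interface block
        elif m := IFACE_RE.match(line):
            current = m.group(1)
        elif m := GLOBAL_RE.match(line):
            settings[m.group(1).lower()] = int(m.group(2))
        elif (m := ACTION_RE.match(line)) and current:
            # The "no" form resets the port to the default retry behavior.
            (fail_open.discard if m.group(1) else fail_open.add)(current)
    return settings, fail_open and sorted(fail_open) or []


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Ports in the returned list grant network access without authentication for as long as the RADIUS server does not answer, so each one should have a documented reason for that setting.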