Support User Manuals

Brocade Communications Systems 6650 Switch User Manual

Open as PDF

of 332

Brocade ICX 6650 Security Configuration Guide 165

53-1002601-01

802.1X port security configuration

• NAS-IP-Address (4) – RFC 2865

• NAS-Port (5) – RFC 2865

• Service-Type (6) – RFC 2865

• FilterId (11) – RFC 2865

• Framed-MTU (12) – RFC 2865

• State (24) – RFC 2865

• Vendor-Specific (26) – RFC 2865

• Session-Timeout (27) – RFC 2865

• Termination-Action (29) – RFC 2865

• Calling-Station-ID (31) – RFC 2865

• NAS-Port-Type (61) – RFC 2865

• Tunnel-Type (64) – RFC 2868

• Tunnel-Medium-Type (65) – RFC 2868

• EAP Message (79) – RFC 2579

• Message-Authenticator (80) RFC 3579

• Tunnel-Private-Group-Id (81) – RFC 2868

• NAS-Port-id (87) – RFC 2869

Specifying the RADIUS timeout action

A RADIUS timeout occurs when the Brocade device does not receive a response from a RADIUS

server within a specified time limit and after a certain number of retries. The time limit and number

of retries can be manually configured using the CLI commands radius-server timeout and

radius-server retransmit, respectively. If the parameters are not manually configured, the Brocade

device applies the default value of three seconds time limit with a maximum of three retries.

You can better control port behavior when a RADIUS timeout occurs. That is, you can configure a

port on the Brocade device to automatically pass or fail users being authenticated. A pass

essentially bypasses the authentication process and permits user access to the network. A fail

bypasses the authentication process and blocks user access to the network, unless restrict-vlan is

configured, in which case, the user is placed into a VLAN with restricted or limited access. By

default, the Brocade device will reset the authentication process and retry to authenticate the user.

Specify the RADIUS timeout action at the Interface level of the CLI.

Permit user access to the network after a RADIUS timeout

To set the RADIUS timeout behavior to bypass 802.1X authentication and permit user access to the

network, enter commands such as the following

Brocade(config)# interface ethernet 1/3/1

Brocade(config-if-e10000-1/3/1)# dot1x auth-timeout-action success

Syntax: [no] dot1x auth-timeout-action success

Once the success timeout action is enabled, use the no form of the command to reset the RADIUS

timeout behavior to retry.

previous next