![](http://pdfasset.owneriq.net/e/30/e30f666b-2eee-45fb-a6b3-443a13ab9963/e30f666b-2eee-45fb-a6b3-443a13ab9963-bg100.png)
236 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Multi-device port authentication configuration
If neither of these VSAs exist in a device profile on the RADIUS server, then by default the device is
subject to multi-device port authentication (if configured), then 802.1X authentication (if
configured). The RADIUS record can be used for both multi-device port authentication and 802.1X
authentication.
Configuration examples are shown in “Examples of multi-device port authentication and 802.1X
authentication configuration on the same port” on page 263.
Multi-device port authentication configuration
Configuring multi-device port authentication on the Brocade device consists of the following tasks:
• Enabling multi-device port authentication globally and on individual interfaces
• Specifying the format of the MAC addresses sent to the RADIUS server (optional)
• Specifying the authentication-failure action (optional)
• Enabling and disabling SNMP traps for multi-device port authentication
• Defining MAC address filters (optional)
• Configuring dynamic VLAN assignment (optional)
• Dynamically Applying IP ACLs to authenticated MAC addresses
• Enabling denial of service attack protection (optional)
TABLE 55 Brocade vendor-specific attributes for RADIUS
Attribute name Attribute ID Data type Description
Foundry-802_1x-enable 6 integer Specifies whether 802.1X authentication is
performed when multi-device port
authentication is successful for a device. This
attribute can be set to one of the following:
0 - Do not perform 802.1X authentication on
a device that passes multi-device port
authentication. Set the attribute to zero for
devices that do not support 802.1X
authentication.
1 - Perform 802.1X authentication when a
device passes multi-device port
authentication. Set the attribute to one for
devices that support 802.1X authentication.
Foundry-802_1x-valid 7 integer Specifies whether the RADIUS record is valid
only for multi-device port authentication, or
for both multi-device port authentication and
802.1X authentication.
This attribute can be set to one of the
following:
0 - The RADIUS record is valid only for
multi-device port authentication. Set this
attribute to zero to prevent a user from using
their MAC address as username and
password for 802.1X authentication
1 - The RADIUS record is valid for both
multi-device port authentication and 802.1X
authentication.