HP StorageWorks 4/64 Brocade Converged Enhanced Ethernet Administrator's Guide - Page 139
Configuring 802.1x Port Authentication, In this x protocol overview
View all HP StorageWorks 4/64 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 139 highlights
Chapter Configuring 802.1x Port Authentication 10 In this chapter •802.1x protocol overview 119 •802.1x configuration guidelines and restrictions 119 •802.1x authentication configuration tasks 120 •Interface-specific administrative tasks for 802.1x 120 802.1x protocol overview The 802.1x protocol defines a port-based authentication algorithm involving network data communication between client-based supplicant software, an authentication database on a server, and the authenticator device. In this situation the authenticator device is the Brocade FCoE hardware. As the authenticator, the Brocade FCoE hardware prevents unauthorized network access. Upon detection of the new supplicant, the Brocade FCoE hardware enables the port and marks it "unauthorized". In this state, only 802.1x traffic is allowed. All other traffic, such as DHCP and HTTP, is blocked. The Brocade FCoE hardware transmits an EAP-request to the supplicant, which responds with the EAP-response packet. The Brocade FCoE hardware, which then forwards the EAP-response packet to the RADIUS authentication server. If the credentials are validated by the RADIUS server database, the supplicant may access the protected network resources. NOTE 802.1x port authentication is not supported by LAG (Link Aggregation Group) or interfaces that participate in a LAG. NOTE The EAP-MD5, EAP-TLS, EAP-TTLS and PEAP-v0 protocols are supported by the RADIUS server and are transparent to the authenticator switch. When the supplicant logs off, it sends an EAP-logoff message to the Brocade FCoE hardware which then sets the port back to the "unauthorized" state. 802.1x configuration guidelines and restrictions Follow these 802.1x configuration guidelines and restrictions when configuring 802.1x: • If you globally disable 802.1x, then all interface ports with 802.1x authentication enabled automatically switch to force-authorized port-control mode. Converged Enhanced Ethernet Administrator's Guide 119 53-1001346-01