Dell PowerConnect B-RX Configuration Manual page 1023
Bigiron rx series supporting multi-service ironware v02.7.03
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
FIGURE 123
Client/Supplicant
In this example, the Authenticator (the BigIron RX device) initiates communication with an
802.1x-enabled Client. When the Client responds, it is prompted for a username (255 characters
maximum) and password. The Authenticator passes this information to the Authentication Server,
which determines whether the Client can access services provided by the Authenticator. When the
Client is successfully authenticated by the RADIUS server, the port is authorized. When the Client
logs off, the port becomes unauthorized again.
Brocade's 802.1x implementation supports dynamic VLAN assignment. If one of the attributes in
the Access-Accept message sent by the RADIUS server specifies a VLAN identifier, and this VLAN is
available on the BigIron RX device, the client's port is moved from its default VLAN to the specified
VLAN. When the client disconnects from the network, the port is placed back in its default VLAN.
Refer to
information.
Brocade's 802.1x implementation supports dynamically applying an IP ACL or MAC address filter to
a port, based on information received from the Authentication Server.
If a Client does not support 802.1x, authentication cannot take place. The BigIron RX sends
EAP-Request/Identity frames to the Client, but the Client does not respond to them.
When a Client that supports 802.1x attempts to gain access through a non-802.1x-enabled port, it
sends an EAP start frame to the BigIron RX device. When the device does not respond, the Client
considers the port to be authorized, and starts sending normal traffic.
BigIron RX Series Configuration Guide
53-1001986-01
Message exchange between Client/Supplicant, Authenticator, and Authentication
Server
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/MD5-Challenge
EAP-Response/Identity
EAP-Success
EAP-Logoff
"Configuring dynamic VLAN assignment for 802.1x ports"
How 802.1x port security works
BigIron Device
(Authenticator)
Port Unauthorized
RADIUS Access-Request
RADIUS Access-Challenge
RADIUS Access-Request
RADIUS Access-Accept
Port Authorized
Port Unauthorized
on page 956 for more
33
RADIUS Server
(Authentication Server)
951
Advertisement
Chapters
Table of Contents
