Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring Switch Authentication Features (Rev. 03)
802.1x Port-Based Authentication
© 2008 Foundry Networks, Inc.
Page 51 of 70
Parameter
Default Value
Traffic Control Mode
Bi-directional
Authorization mode
Force-Authorized
Host Mode
Single-Host mode
Debug 802.1x
Disabled
802.1x Accounting.
Disabled
Interim-Update messages
Disabled
Configuring and Displaying 802.1x
The 802.1x implementation on the device consists of configuring the three participants for
operation. Supplicants that connect to 802.1x authenticators are required to support EAP. The
802.1x implementation needs at least one RADIUS server to be configured. Dot1x works with
every RADIUS server that is compatible with RFC 2865 and RFC 2869, as well as with every
802.1x host that is compatible with the IEEE 802.1x standard. The RADIUS server and the host
must be configured with the proper authentication identification: passwords and usernames or
certificates and certificate authorities. Third-party supplicants must also be configured to use the
protocol for the adapters and with the appropriate ID information. This varies depending on the
802.1x host software. The RADIUS server must be configured with the IP address of any device
that requests information. It must also be configured with a unique key that must also be
configured on the device. Finally, the RADIUS server must be configured and the device must be
configured as authenticator.
This setting enables the 802.1x port authentication process and makes the device an authenticator.
Configured as Authenticator, the device is able to send the EAP messages to the supplicant, proxy
the information to the configured authentication (RADIUS) server(s), and act on the messages
received from those servers to authorize ports.
The authenticator ports can be in one of three authorization modes:
force-authorized
(the default
mode),
auto
and
force-unauthorized
. To set the ports’ mode, proceed according to the following
guidelines:
1. Enter into Interface Configuration mode.
2. Set 802.1x to the particular control type for the specified port. See
Setting the Control Type for
a Specified Port
.
802.1x Global Configuration Commands
Table 18
lists the 802.1x global configuration commands.
Table 18: 802.1x Global Configuration Commands
Command
Description
dot1x accounting
Enables the 802.1x Accounting.