Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


17. Refer to the Trust field to define or override the following:

NOTE

Some vendor solutions with VRRP enabled send ARP packets with Ethernet SMAC as a physical MAC
and inner ARP SMAC as VRRP MAC. If this configuration is enabled, a packet is allowed, despite a
conflict existing.

18. Set the following 802.1X Settings:

19. Select Enable within the 802.1x supplicant (client) feature field to enable a username and
password pair used when authenticating users on this port. This setting is disabled by default.
The password cannot exceed 32 characters.

20. Select OK to save the changes and overrides made to the Ethernet port’s security
configuration. Select Reset to revert to the last saved configuration.

21. Select the Spanning Tree tab.

Trust ARP Responses

Select this option to enable ARP trust on this port. ARP packets received on this port are considered
trusted, and the information from these packets is used to identify rogue devices within the network.
The default value is disabled.

Trust DHCP Responses

Select this option to enable DHCP trust on this port. If enabled, only DHCP responses are trusted and
forwarded on this port, and a DHCP server can be connected only to a DHCP trusted port. The default
value is enabled.

ARP header Mismatch Validation

Select this option to enable a mismatch check for the source MAC in both the ARP and Ethernet
header. The default value is enabled.

Trust 8021p COS values

Select this option to enable 802.1p COS values on this port. The default value is enabled.

Trust IP DSCP

Select this option to enable IP DSCP values on this port. The default value is enabled.
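
The ARP header Mismatch Validation setting above compares the Ethernet source MAC with the sender MAC carried inside the ARP payload. The following is an added example, not taken from the manual and not the controller's own implementation, that runs that comparison over constructed frames and reports the VRRP pattern from the NOTE as a separate verdict. The function names, verdict strings and sample MAC addresses are assumptions; 00:00:5e:00:01 is the standard IPv4 VRRP virtual MAC prefix.

```python
import struct

VRRP_V4_PREFIX = bytes.fromhex("00005e0001")  # IPv4 VRRP virtual MAC: 00:00:5e:00:01:{VRID}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def check_arp_frame(frame: bytes) -> dict:
    """Compare the Ethernet source MAC with the ARP sender hardware address."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    eth_src, ethertype, offset = frame[6:12], struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:  # skip a single 802.1Q VLAN tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0806:
        return {"verdict": "not-arp"}
    arp = frame[offset:offset + 28]
    if len(arp) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return {"verdict": "unsupported-arp"}
    sha = arp[8:14]  # ARP sender hardware address (the "inner" source MAC)
    if sha == eth_src:
        verdict = "match"
    elif sha[:5] == VRRP_V4_PREFIX:
        verdict = "mismatch-vrrp"  # physical MAC outside, VRRP MAC inside (see NOTE)
    else:
        verdict = "mismatch"
    return {"verdict": verdict, "eth_src": fmt_mac(eth_src), "arp_sha": fmt_mac(sha)}

def build_arp_reply(eth_src: str, arp_sha: str, spa: bytes = bytes([192, 0, 2, 1])) -> bytes:
    """Constructed sample frame: ARP reply to broadcast, sender IP 192.0.2.1."""
    src, sha = bytes.fromhex(eth_src.replace(":", "")), bytes.fromhex(arp_sha.replace(":", ""))
    eth = b"\xff" * 6 + src + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + sha + spa + b"\xff" * 6 + spa
    return eth + arp

SAMPLES = {  # constructed MAC addresses, not taken from the manual
    "normal host": build_arp_reply("02:00:00:aa:bb:01", "02:00:00:aa:bb:01"),
    "VRRP router": build_arp_reply("02:00:00:aa:bb:02", "00:00:5e:00:01:0a"),
    "spoofed sender": build_arp_reply("02:00:00:aa:bb:03", "02:00:00:aa:bb:01"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, check_arp_frame(frame))
```

A "mismatch-vrrp" verdict is the case the NOTE says some vendors produce legitimately, so it is worth reviewing separately from a plain "mismatch" before deciding how the port should treat it.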

Host Mode

Use the drop-down menu to select the host mode configuration to apply to this port. Options include
single-host or multi-host. The default setting is single-host.

Guest VLAN

Specify a guest VLAN for this port from 1 - 4094. Traffic is bridged on this VLAN if this port is
unauthorized and the guest VLAN is globally enabled.

Port Control

Use the drop-down menu to set the port control state to apply to this port. Options include
force-authorized, force-unauthorized and automatic. The default setting is port-authorized.

Re Authenticate

Select this setting to force clients to reauthenticate on this port. The default setting is disabled, thus
clients do not need to reauthenticate for connection over this port until this setting is enabled.

Max Reauthenticate Count

Set the maximum reauthentication attempts (1 - 10) before this port is moved to unauthorized. The
default setting is 2.

Quiet Period

Set the quiet period for this port from 1 - 65,535 seconds. This is the maximum time 802.1x waits
after a failed authentication attempt. The default setting is 60 seconds.

Reauthenticate Period

Use the spinner control to set the reauthentication period for this port from 1 - 65,535 seconds. The
default setting is 60 seconds.

Port MAC Authentication

When enabled, a port’s MAC address is authenticated, as only one MAC address is supported per wired
port. When successfully authenticated, packets from the source are processed. Packets from all other
sources are dropped. Port MAC authentication is supported on RFS4000, RFS6000 model controllers
and NX4500, NX6500 and NX9000 series service platforms.
Port MAC authentication may be enabled on ports in conjunction with Wired 802.1x settings for a MAC
Authentication AAA policy.
