Brocade BigIron RX Series Configuration Guide User Manual
Page 31
BigIron RX Series Configuration Guide
xxxi
53-1002484-04
Configuring 802.1x port security . . . . . . . . . . . . . . . . . . . . . . . . . 1052
Configuring an authentication method list for 802.1x . . . . 1053
Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . 1053
Configuring dynamic VLAN assignment for 802.1x ports . . 1054
Disabling and enabling strict security mode for dynamic
filter assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1056
Dynamically applying existing ACLs or MAC address filter . .1057
Configuring per-user IP ACLs or MAC address filters. . . . . . 1058
Enabling 802.1x port security. . . . . . . . . . . . . . . . . . . . . . . . 1059
Setting the port control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1059
Configuring periodic re-authentication. . . . . . . . . . . . . . . . . 1060
Re-authenticating a port manually . . . . . . . . . . . . . . . . . . . . .1061
Setting the quiet period. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1061
Setting the interval for retransmission of EAP-request/
identity frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1061
Specifying the number of EAP-request/identity frame
retransmissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1062
Specifying a timeout for retransmission of messages
to the authentication server . . . . . . . . . . . . . . . . . . . . . . . . . 1062
Specifying a timeout for retransmission of
EAP-request frames to the client . . . . . . . . . . . . . . . . . . . . . 1062
Initializing 802.1x on a port . . . . . . . . . . . . . . . . . . . . . . . . . 1063
Allowing multiple 802.1x clients to authenticate. . . . . . . . . 1063
Displaying 802.1x information . . . . . . . . . . . . . . . . . . . . . . . . . . . 1064
Displaying 802.1x configuration information. . . . . . . . . . . . 1064
Displaying 802.1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . 1067
Clearing 802.1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 1068
Displaying dynamically assigned VLAN information . . . . . . 1068
Displaying information on MAC address filters and IP ACLs on an
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1069
Displaying information about the dot1x-mac-sessions on
each port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1070
Sample 802.1x configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . .1072
Point-to-point configuration. . . . . . . . . . . . . . . . . . . . . . . . . . .1072
Hub configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1074
802.1X Authentication with dynamic VLAN assignment . . . .1075
Protecting Against Denial of Service Attacks
Protecting against Smurf attacks. . . . . . . . . . . . . . . . . . . . . . . . . .1077
Avoiding being an intermediary in a Smurf attack. . . . . . . . .1078
ACL-based DOS-attack prevention . . . . . . . . . . . . . . . . . . . . .1078
Protecting against TCP SYN attacks. . . . . . . . . . . . . . . . . . . . . . . .1079
TCP security enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . 1080
Displaying statistics due DoS attacks . . . . . . . . . . . . . . . . . . . . . .1081
Clear DoS attack statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1082