Brocade Communications Systems Brocade ICX 6650 6650 User Manual
Page 11
Brocade ICX 6650 Security Configuration Guide
xi
53-1002601-01
Multi-device port authentication configuration. . . . . . . . . . . . . . . .236
Enabling multi-device port authentication . . . . . . . . . . . . . . . .237
Specifying the format of the MAC addresses sent to the
RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Specifying the authentication-failure action . . . . . . . . . . . . . .238
Generating traps for multi-device port authentication . . . . . .239
Defining MAC address filters. . . . . . . . . . . . . . . . . . . . . . . . . . .239
Configuring dynamic VLAN assignment . . . . . . . . . . . . . . . . . .239
Dynamically applying IP ACLs to authenticated
MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Enabling denial of service attack protection . . . . . . . . . . . . . .245
Enabling source guard protection . . . . . . . . . . . . . . . . . . . . . . .246
Clearing authenticated MAC addresses . . . . . . . . . . . . . . . . . . 247
Disabling aging for authenticated MAC addresses . . . . . . . . .248
Changing the hardware aging period for blocked
MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Specifying the aging time for blocked MAC addresses . . . . . .250
Specifying the RADIUS timeout action . . . . . . . . . . . . . . . . . . .250
Multi-device port authentication password override . . . . . . . .251
Limiting the number of authenticated MAC addresses. . . . . .252
Displaying multi-device port authentication information . . . . . . . .252
Displaying authenticated MAC address information . . . . . . . .252
Displaying multi-device port authentication
configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Displaying multi-device port authentication information
for a specific MAC address or port . . . . . . . . . . . . . . . . . . . . . .254
Displaying the authenticated MAC addresses . . . . . . . . . . . . .255
Displaying the non-authenticated MAC addresses . . . . . . . . .256
Displaying multi-device port authentication information
for a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Displaying multi-device port authentication settings
and authenticated MAC addresses . . . . . . . . . . . . . . . . . . . . .257
Example port authentication configurations. . . . . . . . . . . . . . . . . .260
Multi-device port authentication with dynamic
VLAN assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Examples of multi-device port authentication and 802.1X
authentication configuration on the same port. . . . . . . . . . . .263
Smurf attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267
Avoiding being an intermediary in a Smurf attack. . . . . . . . . .268
Avoiding being a victim in a Smurf attack . . . . . . . . . . . . . . . .268
TCP SYN attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269
TCP security enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
Displaying statistics about packets dropped
because of DoS attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271