Security access, Securing access methods, Chapter 1 – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

1

53-1002601-01

Chapter

1

Security Access

Table 1

lists the security access features supported on Brocade ICX 6650. These features are

supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images, except
where explicitly noted.

This chapter explains how to secure access to management functions on a Brocade device.

NOTE

For the Brocade ICX 6650, RADIUS Challenge is supported for 802.1x authentication but not for
login authentication. Also, multiple challenges are supported for TACACS+ login authentication.

Securing access methods

The following table lists the management access methods available on a Brocade device, how they
are secured by default, and the ways in which they can be secured.

TABLE 1

Supported security access features

Feature

Brocade ICX 6650

Authentication, Authorization and
Accounting (AAA):

•

RADIUS

•

TACACS/TACACS+

Yes

AAA support for console commands

Yes

Restricting remote access to management
functions

Yes

Disabling TFTP access

Yes

Using ACLs to restrict remote access

Yes

Local user accounts

Yes

Local user passwords

Yes

AAA authentication-method lists

Yes

Packet filtering on TCP flags

Yes

TABLE 2

Ways to secure management access to Brocade devices

Access method

How the access
method is secured
by default

Ways to secure the access method

Serial access to the CLI

Not secured

Establish passwords for management privilege levels