Brocade Communications Systems Brocade ICX 6650 6650 User Manual

306

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

denial of service (DoS)

avoiding being a victim in a Smurf attack

,

268

avoiding being an intermediary in a Smurf attack

,

268

displaying information

,

271

enabling for multi-device port authentication

,

245

Smurf attacks

,

267

TCP security enhancement

,

270

TCP SYN attacks

,

269

Dot1x

auth-fail-action restricted-vlan

,

179

auth-fail-action restrict-vlan

,

180

auth-fail-max-attempts

,

180

auth-fail-vlanid

,

179

auth-max

,

177

dot1x disable-filter-strict-security

,

172

dot1x initialize ethernet

,

178

enable all

,

174

enable ethernet

,

174

global-filter-strict-security

,

172

mac-session-aging no-aging denied-mac-only

,

180

mac-session-aging no-aging permitted-mac-only

,

180

max-req

,

178

re-authentication

,

175

save-dynamicvlan-to-config

,

169

servertimeout

,

178

supptimeout

,

178

timeout quiet-period

,

176

timeout re-authperiod

,

175

timeout restrict-fwd-period

,

182

timeout tx-period

,

177

DSA authentication

configuring challenge-response authentication

,

67

deleting key pairs

,

67

enabling challenge-response

,

69

exporting client public keys

,

79

generating a client key pair

,

79

importing public keys into Brocade device

,

68

providing the public key to clients

,

67

Dynamic ARP

about inspection

,

280

configuration notes and feature limitations

,

281

poisoning

,

279

Dynamic ARP inspection

displaying status and ports

,

283

enabling on a VLAN

,

282

enabling trust on a port

,

283

using with IP source guard

,

294

Dynamic Host Configuration Protocol (DHCP)

binding database

,

284

changing the forwarding policy

,

292

clearing the binding database

,

287

configuration example

,

288

configuration notes and feature limitations

,

285

configuring snooping

,

285

defining static IP source bindings

,

296

disabling the learning of clients on a port

,

286

displaying learned IP addresses

,

297

enabling and disabling subscriber ID processing

,

292

enabling IP source guard on a port

,

296

enabling IP source guard on a virtual interface

,

297

enabling IP source guard per-port-per-VLAN

,

297

option 82

,

289

overview

,

279

relay agent information

,

288

snooping

,

283

dynamic MAC-based VLAN

CLI commands

,

213

configuration example

,

214

configuration notes and feature limitations

,

213

disabling aging

,

218

overview

,

213

F

feature support

MAC port security

,

201

multi-device port authentication

,

231

SSH2 and SCP

,

63

traffic policies

,

141

G

Generating

,

79

I

Interface

age

,

204

arp inspection trust

,

283

dhcp snooping relay information

,

291

dhcp snooping relay information option subscriber-id

,

292

dot1x auth-timeout-action failure

,

166

dot1x auth-timeout-action success

,

165

dot1x port-control auto

,

175

dot1x re-auth-timeout- success

,

166

enable

,

203

idhcp snooping trust

,

286

ip access-group frag deny

,

108

ip access-group in

,

144