Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Configuring adaptive rate limiting

Marking Class of Service parameters in adaptive rate limiting

Handling packets that exceed the rate limit

Dropping packets
Permitting packets at low priority

Enabling and using ACL statistics

Enabling ACL statistics
Enabling ACL statistics with rate limiting traffic policies
Viewing ACL and rate limit counters
Clearing ACL and rate limit counters

Viewing traffic policies

Chapter 6

802.1X Port Security

IETF RFC support

How 802.1X port security works

Device roles in an 802.1X configuration
Communication between the devices
Controlled and uncontrolled ports
Message exchange during authentication
Authenticating multiple hosts connected to the same port
802.1X port security and sFlow
802.1X accounting

802.1X port security configuration

Configuring an authentication method list for 802.1X
Setting RADIUS parameters
Dynamic VLAN assignment for 802.1X port configuration
Dynamically applying IP ACLs and MAC address filters to 802.1X ports
Enabling 802.1X port security
Setting the port control
Configuring periodic re-authentication
Re-authenticating a port manually
Setting the quiet period
Specifying the wait interval and number of EAP-request/identity frame retransmissions from the Brocade device
Wait interval and number of EAP-request/identity frame retransmissions from the RADIUS server
Specifying a timeout for retransmission of messages to the authentication server
Initializing 802.1X on a port
Allowing access to multiple hosts
MAC address filters for EAP frames
Configuring VLAN access for non-EAP-capable clients

802.1X accounting configuration

802.1X accounting attributes for RADIUS
Enabling 802.1X accounting
