Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Description of Software Features

Authentication

This switch authenticates management access via the console port, Telnet, or a web browser. User
names and passwords can be configured locally or can be verified via a remote authentication
server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X
protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user
credentials from the 802.1X client, and then uses EAP between the switch and the authentication
server (i.e., RADIUS or TACACS+ server) to verify the client’s right to access the network.

Other authentication options include HTTPS for secure management access via the web, SSH for
secure management access over a Telnet-equivalent connection, SNMP Version 3, and IP address
filtering for SNMP/Telnet/web management access. MAC address filtering and IP source guard also
provide authenticated port access, while DHCP snooping is provided to prevent malicious attacks
from insecure ports.

Access Control Lists

ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or
TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to
improve performance by blocking unnecessary network traffic or to implement security controls by
restricting access to specific network resources or protocols.

Port Configuration

You can manually configure the speed, duplex mode, and flow control used on specific ports, or use
auto-negotiation to detect the connection settings used by the attached device. Use full-duplex
mode on ports whenever possible to double the throughput of switch connections. Flow control
should also be enabled to control network traffic during periods of congestion and prevent the loss
of packets when port buffer thresholds are exceeded. The switch supports flow control based on
the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).

Rate Limiting

This feature controls the maximum rate for traffic transmitted or received on an interface. Rate
limiting is configured on interfaces at the edge of a network to limit traffic into or out of the
network. Packets that exceed the acceptable amount of traffic are dropped.

Port Mirroring

The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a
protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection
integrity.

Port Trunking

Ports can be combined into an aggregate connection. Trunks can be manually set up or
dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The
additional ports dramatically increase the throughput across any connection, and provide
redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 12
trunks.

Storm Control

Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming
the network. When enabled on a port, the level of broadcast traffic passing through the port is
restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level
falls back beneath the threshold.

MAC Addresses

A static address can be assigned to a specific interface on this switch. Static addresses are bound
to the assigned interface and will not be moved. When a static address is seen on another
interface, the address will be ignored and will not be written to the address table. Static addresses
can be used to provide network security by restricting access for a known host to a specific port.
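
The static-address rule described above can be modeled in a few lines. This is an added example, not code or CLI syntax from the Brocade guide: the class and method names are hypothetical, the frames are constructed, and the `violations` list is an added audit aid rather than a feature the guide describes.

```python
class AddressTable:
    """Toy model of a switch address table with static bindings."""

    def __init__(self):
        self.static = {}      # MAC -> port, bound by the administrator
        self.dynamic = {}     # MAC -> port, learned from frame source addresses
        self.violations = []  # (mac, seen_port, bound_port), kept for review

    def add_static(self, mac, port):
        mac = mac.lower()
        self.static[mac] = port
        self.dynamic.pop(mac, None)  # a static binding replaces any learned entry

    def learn(self, src_mac, port):
        """Handle the source MAC of a frame received on `port`."""
        mac = src_mac.lower()
        bound = self.static.get(mac)
        if bound is not None:
            if bound == port:
                return "static-ok"
            # Static address seen on another interface: ignore it and
            # do not write it to the table, as the text describes.
            self.violations.append((mac, port, bound))
            return "ignored"
        self.dynamic[mac] = port  # dynamic entries follow the host when it moves
        return "learned"

    def lookup(self, dst_mac):
        mac = dst_mac.lower()
        return self.static.get(mac, self.dynamic.get(mac))


def replay(table, frames):
    """Feed (src_mac, port) pairs through the table and collect the outcomes."""
    return [table.learn(mac, port) for mac, port in frames]


if __name__ == "__main__":
    table = AddressTable()
    table.add_static("00:11:22:33:44:55", 1)  # constructed: known host on port 1
    frames = [                                # constructed sample traffic
        ("00:11:22:33:44:55", 1),  # known host on its assigned port
        ("aa:bb:cc:00:00:01", 2),  # ordinary host, learned dynamically
        ("aa:bb:cc:00:00:01", 3),  # same host moves, dynamic entry follows
        ("00:11:22:33:44:55", 3),  # static MAC appears on a different port
    ]
    print(replay(table, frames))
    print(table.lookup("00:11:22:33:44:55"), table.violations)
```

The dynamic entry moves from port 2 to port 3 with the host, while the static entry stays on port 1 and the mismatched sighting is recorded instead of learned.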
