Security measures, In this chapter, Chapter 41 – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual


Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Chapter 41: Security Measures

In this chapter

You can configure this switch to authenticate users logging into the system for management access
using local or remote authentication methods. Port-based authentication using IEEE 802.1X can
also be configured to control either management access to the uplink ports or client access to the
data ports. This switch provides secure network management access using the following options:

AAA – Use local or remote authentication to configure access rights, specify authentication servers, configure remote authentication and accounting.

User Accounts – Manually configure access rights on the switch for specified users.

Web Authentication – Allows stations to authenticate and access the network in situations where 802.1X or Network Access authentication methods are infeasible or impractical.

Network Access – Configure MAC authentication, intrusion response, dynamic VLAN assignment, and dynamic QoS assignment.

HTTPS – Provide a secure web connection.

SSH – Provide a secure shell (for secure Telnet access).

ACL – Access Control Lists provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code).

ARP Inspection – Security feature that validates the MAC Address bindings for Address Resolution Protocol packets. Provides protection against ARP traffic with invalid MAC to IP Address bindings, which forms the basis for certain “man-in-the-middle” attacks.

IP Filter – Filters management access to the web, SNMP or Telnet interface.

Port Security – Configure secure addresses for individual ports.

Port Authentication – Use IEEE 802.1X port authentication to control access to specific ports.

IP Source Guard – Filters untrusted DHCP messages on insecure ports by building and maintaining a DHCP snooping binding table.

DHCP Snooping – Filter IP traffic on insecure ports for which the source address cannot be identified via DHCP snooping.

NOTE

The priority of execution for the filtering commands is Port Security, Port Authentication, Network
Access, Web Authentication, Access Control Lists, IP Source Guard, and then DHCP Snooping.
