
TCP Flags - edge port security – Brocade FastIron Ethernet Switch Security Configuration Guide


TABLE 9  Authentication method values (Continued)

Method parameter   Description
-----------------  ------------------------------------------------------------------------
local              Authenticate using a local user name and password you configured on the
                   device. Local user names and passwords are configured using the
                   username... command. Refer to "Local user account configuration" on
                   page 40.

tacacs             Authenticate using the database on a TACACS server. You also must
                   identify the server to the device using the tacacs-server command.

tacacs+            Authenticate using the database on a TACACS+ server. You also must
                   identify the server to the device using the tacacs-server command.

radius             Authenticate using the database on a RADIUS server. You also must
                   identify the server to the device using the radius-server command.
                   Refer to "RADIUS security" on page 58.

none               Do not use any authentication method. The device automatically permits
                   access without checking any credential.

TCP Flags - edge port security

NOTE
This feature is not supported on FastIron X Series devices.

The edge port security feature works in combination with IP ACL rules and supports all six
TCP flags carried in byte offset 13 of the TCP header. Each flag is given with a + prefix
(the flag must be set) or a - prefix (the flag must be clear):

• +|- urg = Urgent
• +|- ack = Acknowledge
• +|- psh = Push
• +|- rst = Reset
• +|- syn = Synchronize
• +|- fin = Finish

TCP flags can be combined with other ACL functions (such as dscp-marking and traffic policies),
giving you greater flexibility when designing ACLs.

The TCP flags feature offers two options, match-all and match-any:

Match-any - Incoming TCP traffic matches the rule if any one of the TCP flag conditions
configured in the match-any ACL rule holds. In CAM hardware the rule is expanded into one
entry per configured flag, so the number of CAM entries equals the number of configured flags.

Match-all - Incoming TCP traffic matches the rule only if all of the TCP flag conditions
configured in the match-all ACL rule hold. In CAM hardware the rule occupies a single entry
that covers all configured flags.

device(config-ext-nACL)#permit tcp 10.1.1.1 0.0.0.255 eq 100 10.2.2.2 0.0.0.255 eq 300 match-all +urg +ack +syn -rst

This command configures a single rule in CAM hardware. The rule carries all of the configured
TCP flags: urg, ack, and syn must be set and rst must be clear for a packet to match.
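As an added worked example (not code from the Brocade guide), the following Python models how a match-all or match-any flag clause is evaluated against the flags byte at offset 13 of a TCP header, and how many CAM entries each option consumes. The representation of a CAM entry as a (mask, value) pair is an assumption made here for illustration; the guide states only the entry counts. The TCP headers fed to it are constructed in the script, not captured traffic.

```python
"""
Added example: evaluate FastIron-style 'match-all' / 'match-any' TCP flag
clauses against byte 13 of a TCP header and count the CAM entries each
option needs. The (mask, value) CAM encoding is an assumption for
illustration; the guide only gives the entry counts.
"""
import struct

# Bit positions of the six classic flags in TCP header byte 13.
TCP_FLAG_BITS = {
    "fin": 0x01,
    "syn": 0x02,
    "rst": 0x04,
    "psh": 0x08,
    "ack": 0x10,
    "urg": 0x20,
}


def parse_flag_clause(clause):
    """Parse e.g. 'match-all +urg +ack +syn -rst' into
    (mode, [(flag_name, must_be_set), ...]). '+' means set, '-' means clear."""
    tokens = clause.split()
    if not tokens or tokens[0] not in ("match-all", "match-any"):
        raise ValueError("clause must start with match-all or match-any: %r" % clause)
    conds = []
    for tok in tokens[1:]:
        if len(tok) < 2 or tok[0] not in "+-":
            raise ValueError("flag must be prefixed with + or -: %r" % tok)
        name = tok[1:].lower()
        if name not in TCP_FLAG_BITS:
            raise ValueError("unknown TCP flag: %r" % name)
        conds.append((name, tok[0] == "+"))
    if not conds:
        raise ValueError("at least one TCP flag is required")
    return tokens[0], conds


def cam_entries(mode, conds):
    """Return the (mask, value) pairs the clause occupies in CAM (assumed encoding).
    match-all collapses to one entry covering every configured flag;
    match-any needs one entry per configured flag."""
    if mode == "match-all":
        mask = value = 0
        for name, must_be_set in conds:
            mask |= TCP_FLAG_BITS[name]
            if must_be_set:
                value |= TCP_FLAG_BITS[name]
        return [(mask, value)]
    return [(TCP_FLAG_BITS[n], TCP_FLAG_BITS[n] if s else 0) for n, s in conds]


def flags_byte(header):
    """The six classic flags live in the low bits of TCP header byte 13."""
    return header[13] & 0x3F


def matches(clause, header):
    """True if the packet hits any CAM entry the clause expands to."""
    mode, conds = parse_flag_clause(clause)
    flags = flags_byte(header)
    return any(flags & mask == value for mask, value in cam_entries(mode, conds))


def tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a minimal 20-byte TCP header (constructed input; checksum left zero)."""
    data_offset = 5 << 4  # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, 65535, 0, 0)


if __name__ == "__main__":
    clause_all = "match-all +urg +ack +syn -rst"   # the guide's example clause
    clause_any = "match-any +urg +ack +syn -rst"
    syn_ack_urg = tcp_header(100, 300, 0x32)       # URG|ACK|SYN
    bare_syn = tcp_header(100, 300, 0x02)          # SYN only
    bare_rst = tcp_header(100, 300, 0x04)          # RST only
    for clause in (clause_all, clause_any):
        entries = cam_entries(*parse_flag_clause(clause))
        print("%-32s CAM entries: %d %s" % (clause, len(entries),
              ["(mask=0x%02x,value=0x%02x)" % e for e in entries]))
        for name, pkt in (("URG+ACK+SYN", syn_ack_urg), ("SYN", bare_syn), ("RST", bare_rst)):
            print("   %-12s -> %s" % (name, matches(clause, pkt)))
```

Running the script shows the difference the guide describes: the match-all clause becomes one CAM entry (mask 0x36, value 0x32) and only the URG+ACK+SYN packet hits it, while the match-any clause becomes four entries and a bare SYN already matches through the +syn entry; a bare RST matches neither, because -rst requires the flag to be clear.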

TCP Flags - edge port security

78

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03