beautypg.com

Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 9

background image

MAC address filter logging command syntax....................................250

Configuring MAC filter accounting.................................................................250
MAC address filter override for 802.1X-enabled ports.................................. 251

MAC address filter override configuration notes............................... 251
MAC address filter override configuration syntax..............................251

Multi-Device Port Authentication...........................................................................................253

Supported Multi-device port authentication (MDPA) features....................... 253
How multi-device port authentication works..................................................254

RADIUS authentication..................................................................... 255
Authentication-failure actions............................................................ 255
Unauthenticated port behavior.......................................................... 255
Supported RADIUS attributes........................................................... 255
Support for dynamic VLAN assignment............................................ 256
Support for dynamic ACLs................................................................ 256
Support for authenticating multiple MAC addresseson an interface. 256
Support for dynamic ARP inspection with dynamic ACLs.................256
Support for DHCP snooping with dynamic ACLs.............................. 257
Support for source guard protection..................................................257

Multi-device port authentication and 802.1Xsecurity on the same port.........257

Configuring Brocade-specific attributes on theRADIUS server.........258

Multi-device port authentication configuration...............................................259

Enabling multi-device port authentication......................................... 259
Specifying the format of the MAC addresses sent to theRADIUS

server...........................................................................................260

Specifying the authentication-failure action.......................................260
Generating traps for multi-device port authentication....................... 261
Defining MAC address filters.............................................................261
Configuring dynamic VLAN assignment............................................261
Dynamically applying IP ACLs to authenticated MAC addresses..... 265
Enabling denial of service attack protection......................................267
Enabling source guard protection..................................................... 268
Clearing authenticated MAC addresses............................................269
Disabling aging for authenticated MAC addresses........................... 270
Changing the hardware aging period for blockedMAC addresses....270
Specifying the aging time for blocked MAC addresses.....................271
Specifying the RADIUS timeout action..............................................271
Multi-device port authentication password override.......................... 272
Limiting the number of authenticated MAC addresses..................... 273

Displaying multi-device port authentication information................................ 273

Displaying authenticated MAC address information......................... 273
Displaying multi-device port authenticationconfiguration

information...................................................................................274

Displaying multi-device port authentication informationfor a

specific MAC address or port...................................................... 275

Displaying the authenticated MAC addresses.................................. 276
Displaying the non-authenticated MAC addresses........................... 276
Displaying multi-device port authentication information for a port.....276
Displaying multi-device port authentication settingsand

authenticated MAC addresses.................................................... 277

Displaying the MAC authentication table for FCX and ICX devices..280

Example port authentication configurations.................................................. 281

Multi-device port authentication with dynamicVLAN assignment .....281
Examples of multi-device port authentication and 802.1X

authentication configuration on the same port.............................285

FastIron Ethernet Switch Security Configuration Guide

9

53-1003088-03

See also other documents in the category Brocade Computer Accessories: