Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 11
53-1003035-02
Configuring 802.1x port security . . . 303
  Configuring an authentication method list for 802.1x . . . 304
  Setting RADIUS parameters . . . 304
  Configuring dynamic VLAN assignment for 802.1x ports . . . 305
  Disabling and enabling strict security mode for dynamic filter assignment . . . 306
  Dynamically applying existing ACLs or MAC address filter . . . 308
  Configuring per-user IP ACLs or MAC address filters . . . 309
  Enabling 802.1x port security . . . 310
  Setting the port control . . . 310
  Configuring periodic re-authentication . . . 311
  Re-authenticating a port manually . . . 312
  Setting the quiet period . . . 312
  Setting the interval for retransmission of EAP-request or identity frames . . . 312
  Specifying the number of EAP-request or identity frame retransmissions . . . 313
  Specifying a timeout for retransmission of messages to the Authentication Server . . . 313
  Specifying a timeout for retransmission of EAP-request frames to the client . . . 313
  Initializing 802.1x on a port . . . 314
  Allowing multiple 802.1x clients to authenticate . . . 314
Displaying 802.1x information . . . 315
  Displaying 802.1x configuration information . . . 315
  Displaying 802.1x statistics . . . 318
  Clearing 802.1x statistics . . . 319
  Displaying dynamically assigned VLAN information . . . 320
  Displaying information on MAC address filters and IP ACLs on an interface . . . 320
  Displaying information about the dot1x-mac-sessions on each port . . . 322
Sample 802.1x configurations . . . 323
  Point-to-point configuration . . . 323
  Hub configuration . . . 325
Protecting against Denial of Service Attacks
Protecting against smurf attacks . . . 327
  Avoiding being an intermediary in a smurf attack . . . 328
  Avoiding being a victim in a smurf attack . . . 328
Protecting against TCP SYN attacks . . . 330
  TCP security enhancement . . . 331
  Protecting against UDP attacks . . . 332
  Enhanced DOS attack prevention for IPv6 . . . 333
Displaying statistics from a DoS attack . . . 334
Clear DoS attack statistics . . . 334