Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 9
Multi-Service IronWare Security Configuration Guide
ix
53-1003035-02
Configuring Secure Shell and Secure Copy
SSH server version 2 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Supported SSHv2 clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
Supported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
Configuring SSH server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
Generating a host key pair . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Enabling and disabling SSH server by generating and deleting host keys . . . . .244
Configuring DSA or RSA public key authentication . . . . . . . . .245
Configuring DSA public key authentication . . . . . . . . . . . . . . . 247
Setting optional parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Disabling 3-DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252
Displaying SSH server connection information . . . . . . . . . . . .252
Ending an SSH server connection . . . . . . . . . . . . . . . . . . . . . .254
Outbound SSHv2 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Using an SSH2 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Displaying SSH2 client information . . . . . . . . . . . . . . . . . . . . .257
Using Secure Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258
Secure Copy feature for Brocade NetIron CES and Brocade NetIron CER . . . . .258
Secure Copy Feature for Brocade NetIron XMR. . . . . . . . . . . .260
Configuring Multi-Device Port Authentication
How multi-device port authentication works. . . . . . . . . . . . . . . . . .270
RADIUS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
Authentication-failure actions . . . . . . . . . . . . . . . . . . . . . . . . . .270
Supported RADIUS attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Dynamic VLAN and ACL assignments. . . . . . . . . . . . . . . . . . . . 271
Support for authenticating multiple MAC addresses on an interface . . . . .271
Support for multi-device port authentication and 802.1x on the same interface . . . . .272
Configuring multi-device port authentication . . . . . . . . . . . . . . . . .272
Enabling multi-device port authentication . . . . . . . . . . . . . . . .272
Configuring an authentication method list for 802.1x . . . . . .273
Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .273
Specifying the format of the MAC addresses sent to the RADIUS server . . . . .274
Specifying the authentication-failure action . . . . . . . . . . . . . . 274
Defining MAC address filters. . . . . . . . . . . . . . . . . . . . . . . . . . .275
Configuring dynamic VLAN assignment . . . . . . . . . . . . . . . . . .275
Specifying the VLAN to which a port is moved after the RADIUS-specified VLAN assignment expires . . . . .276
Saving dynamic VLAN assignments to the running configuration file . . . . .277
Clearing authenticated MAC addresses . . . . . . . . . . . . . . . . . .277
Disabling aging for authenticated MAC addresses . . . . . . . . .278
Specifying the aging time for blocked MAC addresses . . . . . .278