beautypg.com

Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 11

background image

Brocade ICX 6650 Security Configuration Guide

xi

53-1002601-01

Multi-device port authentication configuration. . . . . . . . . . . . . . . .236

Enabling multi-device port authentication . . . . . . . . . . . . . . . .237
Specifying the format of the MAC addresses sent to the
RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Specifying the authentication-failure action . . . . . . . . . . . . . .238
Generating traps for multi-device port authentication . . . . . .239
Defining MAC address filters. . . . . . . . . . . . . . . . . . . . . . . . . . .239
Configuring dynamic VLAN assignment . . . . . . . . . . . . . . . . . .239
Dynamically applying IP ACLs to authenticated
MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Enabling denial of service attack protection . . . . . . . . . . . . . .245
Enabling source guard protection . . . . . . . . . . . . . . . . . . . . . . .246
Clearing authenticated MAC addresses . . . . . . . . . . . . . . . . . . 247
Disabling aging for authenticated MAC addresses . . . . . . . . .248
Changing the hardware aging period for blocked
MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Specifying the aging time for blocked MAC addresses . . . . . .250
Specifying the RADIUS timeout action . . . . . . . . . . . . . . . . . . .250
Multi-device port authentication password override . . . . . . . .251
Limiting the number of authenticated MAC addresses. . . . . .252

Displaying multi-device port authentication information . . . . . . . .252

Displaying authenticated MAC address information . . . . . . . .252
Displaying multi-device port authentication
configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Displaying multi-device port authentication information
for a specific MAC address or port . . . . . . . . . . . . . . . . . . . . . .254
Displaying the authenticated MAC addresses . . . . . . . . . . . . .255
Displaying the non-authenticated MAC addresses . . . . . . . . .256
Displaying multi-device port authentication information
for a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Displaying multi-device port authentication settings
and authenticated MAC addresses . . . . . . . . . . . . . . . . . . . . .257

Example port authentication configurations. . . . . . . . . . . . . . . . . .260

Multi-device port authentication with dynamic
VLAN assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Examples of multi-device port authentication and 802.1X
authentication configuration on the same port. . . . . . . . . . . .263

Chapter 10

DoS Attack Protection

Smurf attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

Avoiding being an intermediary in a Smurf attack. . . . . . . . . .268
Avoiding being a victim in a Smurf attack . . . . . . . . . . . . . . . .268

TCP SYN attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269

TCP security enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
Displaying statistics about packets dropped
because of DoS attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

See also other documents in the category Brocade Communications Systems Computer Accessories: