Brocade Communications Systems 6650 Switch User Manual


 
x Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Dynamic MAC-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213
Configuration notes and feature limitations
for dynamic MAC-based VLAN. . . . . . . . . . . . . . . . . . . . . . . . . .213
Dynamic MAC-based VLAN CLI commands . . . . . . . . . . . . . . .213
Dynamic MAC-based VLAN configuration example . . . . . . . . .214
MAC-based VLAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
Using MAC-based VLANs and 802.1X security
on the same port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
Configuring generic and Brocade vendor-specific
attributes on the RADIUS server. . . . . . . . . . . . . . . . . . . . . . . .216
Aging for MAC-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . .217
Disabling aging for MAC-based VLAN sessions . . . . . . . . . . . .218
Configuring the maximum MAC addresses per port . . . . . . . .219
Configuring a MAC-based VLAN for a static host . . . . . . . . . . .219
Configuring MAC-based VLAN for a dynamic host . . . . . . . . . .220
Configuring dynamic MAC-based VLAN . . . . . . . . . . . . . . . . . .220
Configuring MAC-based VLANs using SNMP . . . . . . . . . . . . . . . . . .221
Displaying information about MAC-based VLANs . . . . . . . . . . . . . .221
Displaying the MAC-VLAN table. . . . . . . . . . . . . . . . . . . . . . . . .221
Displaying the MAC-VLAN table for a specific MAC address . .222
Displaying allowed MAC addresses . . . . . . . . . . . . . . . . . . . . .222
Displaying denied MAC addresses . . . . . . . . . . . . . . . . . . . . . .223
Displaying detailed MAC-VLAN data . . . . . . . . . . . . . . . . . . . . .224
Displaying MAC-VLAN information for a specific interface . . .225
Displaying MAC addresses in a MAC-based VLAN . . . . . . . . . .226
Displaying MAC-based VLAN logging . . . . . . . . . . . . . . . . . . . .227
Clearing MAC-VLAN information. . . . . . . . . . . . . . . . . . . . . . . . . . . .227
Sample MAC-based VLAN application . . . . . . . . . . . . . . . . . . . . . . .227
Chapter 9 Multi-Device Port Authentication
How multi-device port authentication works. . . . . . . . . . . . . . . . . .231
RADIUS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
Authentication-failure actions . . . . . . . . . . . . . . . . . . . . . . . . . .232
Supported RADIUS attributes . . . . . . . . . . . . . . . . . . . . . . . . . .232
Support for dynamic VLAN assignment . . . . . . . . . . . . . . . . . .233
Support for dynamic ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Support for authenticating multiple MAC addresses
on an interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Support for dynamic ARP inspection with dynamic ACLs . . . .233
Support for DHCP snooping with dynamic ACLs . . . . . . . . . . .234
Support for source guard protection. . . . . . . . . . . . . . . . . . . . .234
Multi-device port authentication and 802.1X
security on the same port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234
Configuring Brocade-specific attributes on the
RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235