Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide xi
53-1002601-01
Multi-device port authentication configuration. . . . . . . . . . . . . . . .236
Enabling multi-device port authentication . . . . . . . . . . . . . . . .237
Specifying the format of the MAC addresses sent to the
RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Specifying the authentication-failure action . . . . . . . . . . . . . .238
Generating traps for multi-device port authentication . . . . . .239
Defining MAC address filters. . . . . . . . . . . . . . . . . . . . . . . . . . .239
Configuring dynamic VLAN assignment . . . . . . . . . . . . . . . . . .239
Dynamically applying IP ACLs to authenticated
MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Enabling denial of service attack protection . . . . . . . . . . . . . .245
Enabling source guard protection. . . . . . . . . . . . . . . . . . . . . . .246
Clearing authenticated MAC addresses. . . . . . . . . . . . . . . . . .247
Disabling aging for authenticated MAC addresses . . . . . . . . .248
Changing the hardware aging period for blocked
MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Specifying the aging time for blocked MAC addresses . . . . . .250
Specifying the RADIUS timeout action . . . . . . . . . . . . . . . . . . .250
Multi-device port authentication password override. . . . . . . .251
Limiting the number of authenticated MAC addresses. . . . . .252
Displaying multi-device port authentication information . . . . . . . .252
Displaying authenticated MAC address information . . . . . . . .252
Displaying multi-device port authentication
configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Displaying multi-device port authentication information
for a specific MAC address or port . . . . . . . . . . . . . . . . . . . . . .254
Displaying the authenticated MAC addresses . . . . . . . . . . . . .255
Displaying the non-authenticated MAC addresses . . . . . . . . .256
Displaying multi-device port authentication information
for a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Displaying multi-device port authentication settings
and authenticated MAC addresses . . . . . . . . . . . . . . . . . . . . .257
Example port authentication configurations. . . . . . . . . . . . . . . . . .260
Multi-device port authentication with dynamic
VLAN assignment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Examples of multi-device port authentication and 802.1X
authentication configuration on the same port. . . . . . . . . . . .263
Chapter 10 DoS Attack Protection
Smurf attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267
Avoiding being an intermediary in a Smurf attack. . . . . . . . . .268
Avoiding being a victim in a Smurf attack . . . . . . . . . . . . . . . .268
TCP SYN attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269
TCP security enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
Displaying statistics about packets dropped
because of DoS attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271