Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide 1
53-1002601-01
Chapter
1
Security Access
Table 1 lists the security access features supported on Brocade ICX 6650. These features are
supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images, except
where explicitly noted.
This chapter explains how to secure access to management functions on a Brocade device.
NOTE
For the Brocade ICX 6650, RADIUS Challenge is supported for 802.1x authentication but not for
login authentication. Also, multiple challenges are supported for TACACS+ login authentication.
Securing access methods
The following table lists the management access methods available on a Brocade device, how they
are secured by default, and the ways in which they can be secured.
TABLE 1 Supported security access features
Feature Brocade ICX 6650
Authentication, Authorization and
Accounting (AAA):
RADIUS
TACACS/TACACS+
Yes
AAA support for console commands Yes
Restricting remote access to management
functions
Yes
Disabling TFTP access Yes
Using ACLs to restrict remote access Yes
Local user accounts Yes
Local user passwords Yes
AAA authentication-method lists Yes
Packet filtering on TCP flags Yes
TABLE 2 Ways to secure management access to Brocade devices
Access method How the access
method is secured
by default
Ways to secure the access method
Serial access to the CLI Not secured Establish passwords for management privilege levels