Brocade Communications Systems 6650 Switch User Manual


 
306 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
denial of service (DoS)
avoiding being a victim in a Smurf attack
, 268
avoiding being an intermediary in a Smurf attack
, 268
displaying information
, 271
enabling for multi-device port authentication
, 245
Smurf attacks
, 267
TCP security enhancement
, 270
TCP SYN attacks
, 269
Dot1x
auth-fail-action restricted-vlan
, 179
auth-fail-action restrict-vlan
, 180
auth-fail-max-attempts
, 180
auth-fail-vlanid
, 179
auth-max
, 177
dot1x disable-filter-strict-security
, 172
dot1x initialize ethernet
, 178
enable all
, 174
enable ethernet
, 174
global-filter-strict-security
, 172
mac-session-aging no-aging denied-mac-only
, 180
mac-session-aging no-aging permitted-mac-only
, 180
max-req
, 178
re-authentication
, 175
save-dynamicvlan-to-config
, 169
servertimeout
, 178
supptimeout
, 178
timeout quiet-period
, 176
timeout re-authperiod
, 175
timeout restrict-fwd-period
, 182
timeout tx-period
, 177
DSA authentication
configuring challenge-response authentication
, 67
deleting key pairs
, 67
enabling challenge-response
, 69
exporting client public keys
, 79
generating a client key pair
, 79
importing public keys into Brocade device
, 68
providing the public key to clients
, 67
Dynamic ARP
about inspection
, 280
configuration notes and feature limitations
, 281
poisoning
, 279
Dynamic ARP inspection
displaying status and ports
, 283
enabling on a VLAN
, 282
enabling trust on a port
, 283
using with IP source guard
, 294
Dynamic Host Configuration Protocol (DHCP)
binding database
, 284
changing the forwarding policy
, 292
clearing the binding database
, 287
configuration example
, 288
configuration notes and feature limitations
, 285
configuring snooping
, 285
defining static IP source bindings
, 296
disabling the learning of clients on a port
, 286
displaying learned IP addresses
, 297
enabling and disabling subscriber ID processing
, 292
enabling IP source guard on a port
, 296
enabling IP source guard on a virtual interface
, 297
enabling IP source guard per-port-per-VLAN
, 297
option 82
, 289
overview
, 279
relay agent information
, 288
snooping
, 283
dynamic MAC-based VLAN
CLI commands
, 213
configuration example
, 214
configuration notes and feature limitations
, 213
disabling aging
, 218
overview
, 213
F
feature support
MAC port security
, 201
multi-device port authentication
, 231
SSH2 and SCP
, 63
traffic policies
, 141
G
Generating, 79
I
Interface
age
, 204
arp inspection trust
, 283
dhcp snooping relay information
, 291
dhcp snooping relay information option subscriber-id
,
292
dot1x auth-timeout-action failure
, 166
dot1x auth-timeout-action success
, 165
dot1x port-control auto
, 175
dot1x re-auth-timeout- success
, 166
enable
, 203
idhcp snooping trust
, 286
ip access-group frag deny
, 108
ip access-group in
, 144