Support User Manuals

Brocade Communications Systems 6650 Switch User Manual

Open as PDF

of 332

306 Brocade ICX 6650 Security Configuration Guide

53-1002601-01

denial of service (DoS)

avoiding being a victim in a Smurf attack

, 268

avoiding being an intermediary in a Smurf attack

, 268

displaying information

, 271

enabling for multi-device port authentication

, 245

Smurf attacks

, 267

TCP security enhancement

, 270

TCP SYN attacks

, 269

Dot1x

auth-fail-action restricted-vlan

, 179

auth-fail-action restrict-vlan

, 180

auth-fail-max-attempts

, 180

auth-fail-vlanid

, 179

auth-max

, 177

dot1x disable-filter-strict-security

, 172

dot1x initialize ethernet

, 178

enable all

, 174

enable ethernet

, 174

global-filter-strict-security

, 172

mac-session-aging no-aging denied-mac-only

, 180

mac-session-aging no-aging permitted-mac-only

, 180

max-req

, 178

re-authentication

, 175

save-dynamicvlan-to-config

, 169

servertimeout

, 178

supptimeout

, 178

timeout quiet-period

, 176

timeout re-authperiod

, 175

timeout restrict-fwd-period

, 182

timeout tx-period

, 177

DSA authentication

configuring challenge-response authentication

, 67

deleting key pairs

, 67

enabling challenge-response

, 69

exporting client public keys

, 79

generating a client key pair

, 79

importing public keys into Brocade device

, 68

providing the public key to clients

, 67

Dynamic ARP

about inspection

, 280

configuration notes and feature limitations

, 281

poisoning

, 279

Dynamic ARP inspection

displaying status and ports

, 283

enabling on a VLAN

, 282

enabling trust on a port

, 283

using with IP source guard

, 294

Dynamic Host Configuration Protocol (DHCP)

binding database

, 284

changing the forwarding policy

, 292

clearing the binding database

, 287

configuration example

, 288

configuration notes and feature limitations

, 285

configuring snooping

, 285

defining static IP source bindings

, 296

disabling the learning of clients on a port

, 286

displaying learned IP addresses

, 297

enabling and disabling subscriber ID processing

, 292

enabling IP source guard on a port

, 296

enabling IP source guard on a virtual interface

, 297

enabling IP source guard per-port-per-VLAN

, 297

option 82

, 289

overview

, 279

relay agent information

, 288

snooping

, 283

dynamic MAC-based VLAN

CLI commands

, 213

configuration example

, 214

configuration notes and feature limitations

, 213

disabling aging

, 218

overview

, 213

F

feature support

MAC port security

, 201

multi-device port authentication

, 231

SSH2 and SCP

, 63

traffic policies

, 141

G

Generating, 79

I

Interface

age

, 204

arp inspection trust

, 283

dhcp snooping relay information

, 291

dhcp snooping relay information option subscriber-id

,

292

dot1x auth-timeout-action failure

, 166

dot1x auth-timeout-action success

, 165

dot1x port-control auto

, 175

dot1x re-auth-timeout- success

, 166

enable

, 203

idhcp snooping trust

, 286

ip access-group frag deny

, 108

ip access-group in

, 144

previous next