Brocade Communications Systems 6910 manual IP Source Guard

IP Source Guard

IP Source Guard is a security feature that restricts IP traffic on untrusted ports. IP Source Guard filters traffic based on the DHCP snooping binding database or the manually configured IP source bindings.

When IP Source Guard is first enabled, only DHCP packets are allowed and all IP traffic is blocked. When the system learns a valid IP address, IP Source Guard then allows IP traffic. Only the traffic with valid source IP addresses is permitted.

The SNMP IP Source Guard MIB objects manage configuration information for the IP Source Guard feature. There are three tables for IP Source Guard:

fdryIpSrcGuardIfConfigTable - enables or disables IP Source Guard on each physical interface.

fdryIpSrcGuardPortVlanConfigTable - enables or disables IP Source Guard on a port on a VLAN. (Not provided by this switch.)

fdryIpSrcGuardBindTable - provides the IP addresses used for IP Source Guard purposes at each physical interface, with or without specific VLAN memberships. (To be provided at a later date.)

IP Source Guard Interface configuration table

Name and identifier: fdryIpSrcGuardIfConfigTable (brcdIp.1.1.3.37.1.1)
Access: N/A
Description: This table enables or disables IP Source Guard on each physical interface.

Name and identifier: fdryIpSrcGuardIfConfigEntry (brcdIp.1.1.3.37.1.1.1)
Access: N/A
Description: A row indicates if IP Source Guard is enabled or disabled on each physical interface. It is indexed by ifIndex.

Name and identifier: fdryIpSrcGuardIfEnable (brcdIp.1.1.3.37.1.1.1.1)
Syntax: TruthValue
Access: Read-write
Description: This object indicates whether IP Source Guard is enabled on this interface. If this object is set to “true”, IP Source Guard is enabled. Traffic coming to this interface will be forwarded if it is from the list of IP addresses obtained from DHCP snooping. Otherwise it is denied. If this object is set to “false”, IP Source Guard is disabled.
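An added example (not part of the Brocade manual): a Python audit that parses numeric snmpwalk-style output for the fdryIpSrcGuardIfEnable column and lists untrusted ports where IP Source Guard is not confirmed as enabled. The expansion of brcdIp to 1.3.6.1.4.1.1991, the sample output, and the function names are assumptions made for this example.

```python
import re

# Assumption: brcdIp resolves to 1.3.6.1.4.1.1991; confirm against the MIB loaded in your NMS.
BRCD_IP = "1.3.6.1.4.1.1991"
# fdryIpSrcGuardIfEnable = brcdIp.1.1.3.37.1.1.1.1 (from the table above), indexed by ifIndex.
IF_ENABLE_OID = BRCD_IP + ".1.1.3.37.1.1.1.1"

# TruthValue (SNMPv2-TC): true(1), false(2).
TRUTH = {"1": True, "2": False}

# Accepts both "INTEGER: 1" and the symbolic form "INTEGER: true(1)".
LINE_RE = re.compile(
    r"^\.?" + re.escape(IF_ENABLE_OID)
    + r"\.(\d+)\s*=\s*INTEGER:\s*(?:\w+\()?(\d+)\)?\s*$"
)

def parse_walk(text):
    """Return {ifIndex: True/False/None} from snmpwalk-style output.
    None marks a value outside TruthValue, which should be investigated."""
    state = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            state[int(m.group(1))] = TRUTH.get(m.group(2))
    return state

def audit(state, untrusted_ports):
    """List (ifIndex, reason) for untrusted ports not protected by IP Source Guard."""
    findings = []
    for idx in sorted(untrusted_ports):
        if idx not in state:
            findings.append((idx, "no row returned"))
        elif state[idx] is None:
            findings.append((idx, "invalid TruthValue"))
        elif state[idx] is False:
            findings.append((idx, "disabled"))
    return findings

# Constructed sample output (not captured from a real switch).
SAMPLE_WALK = """\
.1.3.6.1.4.1.1991.1.1.3.37.1.1.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.1991.1.1.3.37.1.1.1.1.2 = INTEGER: 2
.1.3.6.1.4.1.1991.1.1.3.37.1.1.1.1.3 = INTEGER: true(1)
.1.3.6.1.4.1.1991.1.1.3.37.1.1.1.1.4 = INTEGER: 0
.1.3.6.1.4.1.1991.1.1.3.36.1.1.1.1.2 = INTEGER: 1
"""

if __name__ == "__main__":
    for idx, reason in audit(parse_walk(SAMPLE_WALK), {1, 2, 3, 4, 5}):
        print(f"ifIndex {idx}: IP Source Guard {reason}")
```

Because the object is read-write, a port that was compliant at the last audit can be switched to false by anyone with SNMP write access, so the check is worth running on a schedule rather than once.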

 

 

 

Brocade 6910 Ethernet Access Switch MIB Reference

 

53-1002582-01


6910 specifications

Brocade Communications Systems, a leader in networking solutions, has established a strong presence in the data center and enterprise networking space with its various product offerings. One of its noteworthy products is the Brocade 6910 Switch, designed specifically for high-performance network environments.

The Brocade 6910 is a high-density, compact Ethernet switch that operates at speeds up to 10 Gigabits per second. It is engineered to support the increasing data demands of modern enterprises while providing reliability and flexibility. With its compact form factor, the 6910 is suitable for space-constrained environments, making it an ideal choice for data centers and edge deployments.

One of the standout features of the Brocade 6910 is its support for both Layer 2 and Layer 3 networking, allowing for dynamic routing and switching capabilities that enhance overall network performance. This dual functionality enables organizations to optimize their network architecture, ensuring seamless data transfer and management.

Power over Ethernet (PoE) functionality is another significant characteristic of the Brocade 6910. This feature allows the switch to deliver power to connected devices, such as IP phones and wireless access points, eliminating the need for separate power sources and reducing cable clutter. This capability not only streamlines installations but also lowers operational costs.

In terms of scalability, the Brocade 6910 supports an extensive number of physical and virtual interfaces, which makes it versatile enough to grow with the needs of an organization. It can efficiently handle increasing traffic loads, enabling businesses to scale their network infrastructure without extensive upgrades.

The switch also incorporates advanced features like Virtual Chassis technology, allowing multiple switches to operate as a single logical entity. This simplifies management and improves redundancy, enhancing overall network reliability. Additionally, the Brocade 6910 includes comprehensive security features that protect network data through robust monitoring and access controls.

Furthermore, the Brocade 6910 is equipped with intelligent network management tools that provide visibility into network performance and health. This functionality helps IT teams to manage resources effectively, troubleshoot issues, and streamline maintenance tasks.

In conclusion, the Brocade 6910 Switch exemplifies modern networking solutions with its high performance, versatility, and advanced management capabilities. Organizations looking for reliable, scalable, and efficient networking solutions will find the Brocade 6910 to be an outstanding choice that meets the demands of today’s dynamic environments.