Dynamic MAC-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213 Configuration notes and feature limitations

for dynamic MAC-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . .213 Dynamic MAC-based VLAN CLI commands . . . . . . . . . . . . . . .213 Dynamic MAC-based VLAN configuration example . . . . . . . . .214

MAC-based VLAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .215 Using MAC-based VLANs and 802.1X security

on the same port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216 Configuring generic and Brocade vendor-specific

attributes on the RADIUS server . . . . . . . . . . . . . . . . . . . . . . . .216 Aging for MAC-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Disabling aging for MAC-based VLAN sessions . . . . . . . . . . . .218 Configuring the maximum MAC addresses per port . . . . . . . .219 Configuring a MAC-based VLAN for a static host . . . . . . . . . . .219 Configuring MAC-based VLAN for a dynamic host . . . . . . . . . .220 Configuring dynamic MAC-based VLAN . . . . . . . . . . . . . . . . . .220

Configuring MAC-based VLANs using SNMP . . . . . . . . . . . . . . . . . .221

Displaying information about MAC-based VLANs . . . . . . . . . . . . . .221 Displaying the MAC-VLAN table. . . . . . . . . . . . . . . . . . . . . . . . .221 Displaying the MAC-VLAN table for a specific MAC address . .222 Displaying allowed MAC addresses . . . . . . . . . . . . . . . . . . . . .222 Displaying denied MAC addresses . . . . . . . . . . . . . . . . . . . . . .223 Displaying detailed MAC-VLAN data . . . . . . . . . . . . . . . . . . . . .224 Displaying MAC-VLAN information for a specific interface . . .225 Displaying MAC addresses in a MAC-based VLAN . . . . . . . . . .226 Displaying MAC-based VLAN logging . . . . . . . . . . . . . . . . . . . .227

Clearing MAC-VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . .227 Sample MAC-based VLAN application . . . . . . . . . . . . . . . . . . . . . . .227

Chapter 9

Multi-Device Port Authentication

 

 

How multi-device port authentication works

231

 

RADIUS authentication

232

 

Authentication-failure actions

232

 

Supported RADIUS attributes

232

 

Support for dynamic VLAN assignment

233

 

Support for dynamic ACLs

233

 

Support for authenticating multiple MAC addresses

 

 

on an interface

233

 

Support for dynamic ARP inspection with dynamic ACLs . . . .

233

 

Support for DHCP snooping with dynamic ACLs

234

 

Support for source guard protection

234

Multi-device port authentication and 802.1X

security on the same port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234 Configuring Brocade-specific attributes on the

RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235

x

Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01

Page 10
Image 10
Brocade Communications Systems 6650 manual How multi-device port authentication works, Radius authentication