Multi-device port authentication configuration ... 236
  Enabling multi-device port authentication ... 237
  Specifying the format of the MAC addresses sent to the RADIUS server ... 238
  Specifying the authentication-failure action ... 238
  Generating traps for multi-device port authentication ... 239
  Defining MAC address filters ... 239
  Configuring dynamic VLAN assignment ... 239
  Dynamically applying IP ACLs to authenticated MAC addresses ... 243
  Enabling denial of service attack protection ... 245
  Enabling source guard protection ... 246
  Clearing authenticated MAC addresses ... 247
  Disabling aging for authenticated MAC addresses ... 248
  Changing the hardware aging period for blocked MAC addresses ... 249
  Specifying the aging time for blocked MAC addresses ... 250
  Specifying the RADIUS timeout action ... 250
  Multi-device port authentication password override ... 251
  Limiting the number of authenticated MAC addresses ... 252

Displaying multi-device port authentication information ... 252
  Displaying authenticated MAC address information ... 252
  Displaying multi-device port authentication configuration information ... 253
  Displaying multi-device port authentication information for a specific MAC address or port ... 254
  Displaying the authenticated MAC addresses ... 255
  Displaying the non-authenticated MAC addresses ... 256
  Displaying multi-device port authentication information for a port ... 256
  Displaying multi-device port authentication settings and authenticated MAC addresses ... 257

Example port authentication configurations ... 260
  Multi-device port authentication with dynamic VLAN assignment ... 260
  Examples of multi-device port authentication and 802.1X authentication configuration on the same port ... 263

Chapter 10  DoS Attack Protection

Smurf attacks ... 267
  Avoiding being an intermediary in a Smurf attack ... 268
  Avoiding being a victim in a Smurf attack ... 268

TCP SYN attacks ... 269
  TCP security enhancement ... 270
  Displaying statistics about packets dropped because of DoS attacks ... 271

Brocade ICX 6650 Security Configuration Guide

xi

53-1002601-01

 
