denial of service (DoS)

avoiding being a victim in a Smurf attack, 268 avoiding being an intermediary in a Smurf attack, 268 displaying information, 271

enabling for multi-device port authentication, 245 Smurf attacks, 267

TCP security enhancement, 270 TCP SYN attacks, 269

Dot1x

auth-fail-action restricted-vlan,179 auth-fail-action restrict-vlan,180 auth-fail-max-attempts,180 auth-fail-vlanid,179

auth-max,177

dot1x disable-filter-strict-security,172 dot1x initialize ethernet, 178 enable all, 174

enable ethernet, 174 global-filter-strict-security,172 mac-session-aging no-aging denied-mac-only,180 mac-session-aging no-aging permitted-mac-only,180 max-req,178

re-authentication,175 save-dynamicvlan-to-config,169 servertimeout, 178 supptimeout, 178

timeout quiet-period,176 timeout re-authperiod,175 timeout restrict-fwd-period,182 timeout tx-period,177

DSA authentication

configuring challenge-response authentication, 67 deleting key pairs, 67

enabling challenge-response,69 exporting client public keys, 79 generating a client key pair, 79

importing public keys into Brocade device, 68 providing the public key to clients, 67

Dynamic ARP

about inspection, 280

configuration notes and feature limitations, 281 poisoning, 279

Dynamic ARP inspection displaying status and ports, 283 enabling on a VLAN, 282 enabling trust on a port, 283 using with IP source guard, 294

Dynamic Host Configuration Protocol (DHCP) binding database, 284

changing the forwarding policy, 292 clearing the binding database, 287 configuration example, 288

configuration notes and feature limitations, 285 configuring snooping, 285

defining static IP source bindings, 296 disabling the learning of clients on a port, 286 displaying learned IP addresses, 297

enabling and disabling subscriber ID processing, 292 enabling IP source guard on a port, 296

enabling IP source guard on a virtual interface, 297 enabling IP source guard per-port-per-VLAN,297 option 82, 289

overview, 279

relay agent information, 288 snooping, 283

dynamic MAC-based VLAN CLI commands, 213 configuration example, 214

configuration notes and feature limitations, 213 disabling aging, 218

overview, 213

F

feature support

MAC port security, 201 multi-device port authentication, 231 SSH2 and SCP, 63

traffic policies, 141

G

Generating, 79

I

Interface age, 204

arp inspection trust, 283

dhcp snooping relay information, 291

dhcp snooping relay information option subscriber-id,292

dot1x auth-timeout-action failure, 166 dot1x auth-timeout-action success, 165 dot1x port-control auto, 175

dot1x re-auth-timeout- success, 166 enable, 203

idhcp snooping trust, 286

ip access-group frag deny, 108 ip access-group in, 144

306

Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01

Page 325 Page 327
Page 326
Image 326
Brocade Communications Systems 6650 manual
Page 325 Page 327
Top Page Image Contents