Main
Brocade Communications Systems, Incorporated
Document History
September 2012
Title Publication number Summary of changes Date
Brocade ICX 6650 Security Configuration Guide
Contents
About This Document
Chapter 1 Security Access
Page
Chapter 2 SSH2 and SCP
Chapter 3 Rule-Based IP ACLs
Page
Chapter 4 IPv6 ACLs
Chapter 5 ACL-based Rate Limiting
Chapter 6 802.1X Port Security
Chapter 7 MAC Port Security
Chapter 8 MAC-based VLANs
Chapter 9 Multi-Device Port Authentication
Chapter 10 DoS Attack Protection
Chapter 11 Rate Limiting and Rate Shaping
Chapter 12 DHCP
Page
Page
About This Document
Audience
Supported hardware and software
Brocade ICX 6650 slot and port numbering
How this document is organized
Document conventions
Text formatting
Command syntax conventions
Notes, cautions, and warnings
Notice to the reader
Related publications
Additional information
Brocade resources
Other industry resources
Getting technical help
Page
Security Access
Securing access methods
TABLE 1
TABLE 2
TABLE 2
Ways to secure the access method
Access method How the access method is secured by default
Remote access to management function restrictions
ACL usage to restrict remote access
TABLE 2
Using an ACL to restrict Telnet access
Using an ACL to restrict SSH access
Using ACLs to restrict SNMP access
Defining the console idle time
Remote access restrictions
Restricting Telnet access to a specific IP address
Restricting SSH access to a specific IP address
Restricting SNMP access to a specific IP address
Restricting all remote management access to a specific IP address
Restricting access to the device based on IP or MAC address
Restricting Telnet connection
Restricting SSH connection
Restricting HTTP and HTTPS connection
Defining the Telnet idle time
Changing the login timeout period for Telnet sessions
Specifying the maximum number of login attempts for Telnet access
Changing the login timeout period for Telnet sessions
Restricting remote access to the device to specific VLAN IDs
Restricting Telnet access to a specific VLAN
Restricting SNMP access to a specific VLAN
Designated VLAN for Telnet management sessions to a Layer 2 switch
Device management security
Allowing SSHv2 access to the Brocade device
Allowing SNMP access to the Brocade device
Disabling specific access methods
Disabling Telnet access
Disabling SNMP access
Disabling TFTP access
Passwords used to secure access
Setting a Telnet password
Suppressing Telnet connection rejection messages
Setting passwords for management privilege levels
Augmenting management privilege levels
Recovering from a lost password
Displaying the SNMP community string
Specifying a minimum password length
Local user accounts
-
-
Enhancements to username and password
Enabling enhanced user password combination requirements
Enabling user password masking
Enabling user password aging
Configuring password history
Enhanced login lockout
Setting passwords to expire
Requirement to accept the message of the day
Local user account configuration
Local user accounts with no passwords
Local user accounts with unencrypted passwords
Local accounts with encrypted passwords
Creating a password option
Changing a local user password
TACACS and TACACS+ security
How TACACS+ differs from TACACS
TACACS/TACACS+ authentication, authorization, and accounting
Configuring TACACS/TACACS+ for devices in a Brocade IronStack
TACACS and TACACS+ security kill console Syntax: kill console [all | unit]
Use the show who and the show telnet commands to confirm the status of console sessions.
TACACS authentication
TACACS+ authentication
TACACS+ authorization
TACACS+ accounting
TACACS and TACACS+ security
AAA operations for TACACS/TACACS+
AAA security for commands pasted into the running-config
TABLE 3
User action Applicable AAA operations
[no] aaa accounting system default
TACACS/TACACS+ configuration considerations
Configuring TACACS
Configuring TACACS+
Enabling TACACS
Identifying the TACACS/TACACS+ servers
Specifying different servers for individual AAA functions
Setting optional TACACS and TACACS+ parameters
Setting the TACACS+ key
Setting the retransmission limit
Setting the timeout parameter
Configuring authentication-method lists for TACACS and TACACS+
TABLE 4
Entering privileged EXEC mode after a Telnet or SSH login
Configuring enable authentication to prompt for password only
Telnet and SSH prompts when the TACACS+ server is unavailable
TABLE 4
Configuring TACACS+ authorization
Configuring EXEC authorization
TABLE 5
Configuring command authorization
TACACS+ accounting configuration
Configuring TACACS+ accounting for Telnet/SSH (Shell) access
Configuring TACACS+ accounting for CLI commands
Configuring TACACS+ accounting for system events
Configuring an interface as the source for all TACACS and TACACS+ packets
Displaying TACACS/TACACS+ statistics and configuration information
RADIUS security
RADIUS authentication, authorization, and accounting
RADIUS authentication
RADIUS authorization
RADIUS accounting
AAA operations for RADIUS
TABLE 7
AAA security for commands pasted Into the running-config
RADIUS configuration considerations
TABLE 7
Configuring RADIUS
Brocade-specific attributes on the RADIUS server
RADIUS security
TABLE 8
Enabling SNMP to configure RADIUS
Identifying the RADIUS server to the Brocade device
TABLE 8
Specifying different servers for individual AAA functions
RADIUS server per port
RADIUS server per port configuration notes
RADIUS configuration example and command syntax
RADIUS server to individual ports mapping
RADIUS server-to-ports configuration notes
RADIUS server-to-ports configuration example and command syntax
RADIUS parameters
Setting the RADIUS key
Setting the retransmission limit
Setting the timeout parameter
Setting RADIUS over IPv6
Setting authentication-method lists for RADIUS
TABLE 9
Entering privileged EXEC mode after a Telnet or SSH login
Configuring enable authentication to prompt for password only
RADIUS authorization
Configuring EXEC authorization
Configuring command authorization
Command authorization and accounting for console commands
RADIUS accounting
Configuring RADIUS accounting for Telnet/SSH (Shell) access
Configuring RADIUS accounting for CLI commands
Configuring RADIUS accounting for system events
Configuring an interface as the source for all RADIUS packets
Displaying RADIUS configuration information
Page
Authentication-method lists
Examples of authentication-method lists
TCP Flags - edge port security
TABLE 11
Using TCP Flags in combination with other ACL features
Page
SSH2 and SCP
SSH version 2 overview
TABLE 12
Tested SSH2 clients
SSH2 supported features
SSH2 unsupported features
SSH2 authentication types
Configuring SSH2
Enabling and disabling SSH by generating and deleting host keys
Setting the CPU priority for key generation
Generating and deleting a DSA key pair
Generating and deleting an RSA key pair
Deleting DSA and RSA key pairs
Providing the public key to clients
Configuring DSA or RSA challenge-response authentication
Importing authorized public keys into the Brocade device
Enabling DSA or RSA challenge-response authentication
Optional SSH parameters
Setting the number of SSH authentication retries
Deactivating user authentication
Enabling empty password logins
Setting the SSH port number
Setting the SSH login timeout value
Designating an interface as the source for all SSH packets
Configuring the maximum idle time for SSH sessions
Filtering SSH access using ACLs
Terminating an active SSH connection
Displaying SSH information
Displaying SSH connection information
Displaying SSH configuration information
To display SSH configuration information, use the show ip ssh config command:
Syntax: show ip ssh config This display shows the following information.
TABLE 13
TABLE 14
Displaying additional SSH connection information
show who [begin expression | exclude expression | include expression]
The show who command also displays information about SSH connections:
TABLE 14
Secure copy with SSH2
Enabling and disabling SCP
Secure copy configuration notes
Example file transfers using SCP
Copying a file to the running configuration
Copying a file to the startup configuration
Copying the running config uration file to an SCP-enabled client
Copying the startup configuration file to an SCP-enabled client
Copying a software image file to flash memory
Copying a software image file from flash memory
Importing a digital certificate using SCP
Importing an RSA private key
Importing a DSA or RSA public key
SSH2 client
Enabling SSH2 client
Configuring SSH2 client public key authentication
Generating and deleting a client DSA key pair
Generating and deleting a client RSA key pair
Using SSH2 client
Displaying SSH2 client information
Rule-Based IP ACLs
TABLE 15
TABLE 16
ACL overview
TABLE 16
Types of IP ACLs
ACL IDs and entries
Numbered and named ACLs
Default ACL action
How hardware-based ACLs work
How fragmented packets are processed
Hardware aging of Layer 4 CAM entries
ACL configuration considerations
Configuring standard numbered ACLs
Standard numbered ACL syntax
Configuration example for standard numbered ACLs
Standard named ACL configuration
Standard named ACL syntax
Page
Configuration example for standard named ACLs
Extended numbered ACL configuration
Extended numbered ACL syntax
Page
Page
-
Configuration examples for extended numbered ACLs
Extended named ACL configuration
Extended named ACL syntax
Page
Page
-
Applying egress ACLs to Control (CPU) traffic
Preserving user input for ACL TCP/UDP port numbers
ACL comment text management
Adding a comment to an entry in a numbered ACL
Adding a comment to an entry in a named ACL
Deleting a comment from an ACL entry
Viewing comments in an ACL
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN
ACL logging
Configuration notes for ACL logging
Configuration tasks for ACL logging
Example ACL logging configuration
Displaying ACL Log Entries
Enabling strict control of ACL filtering of fragmented packets
Enabling ACL support for switched traffic in the router image
Enabling ACL filtering based on VLAN membership or VE port membership
Configuration notes for ACL filtering
Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only)
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only)
ACLs to filter ARP packets
Configuration considerations for filtering ARP packets
Configuring ACLs for ARP filtering
Displaying ACL filters for ARP
Clearing the filter count
Filtering on IP precedence and ToS values
TCP flags - edge port security
QoS options for IP ACLs
Configuration notes for QoS options on Brocade ICX 6650
Using an IP ACL to mark DSCP values (DSCP marking)
Combined ACL for 802.1p marking
Using an ACL to change the forwarding queue
DSCP matching
ACL-based rate limiting
ACL statistics
ACLs to control multicast features
Enabling and viewing hardware usage statistics for an ACL
Displaying ACL information
Troubleshooting ACLs
Policy Based Routing
Configuration considerations for policy-based routing
Configuring a PBR policy
Configuring the ACLs
Configuring the route map
Enabling PBR
Configuration examples for PBR
Basic example of PBR
Setting the next hop
Setting the output interface to the null interface
Trunk formation with PBR policy
IPv6 ACLs
IPv6 ACL overview
TABLE 17
IPv6 ACL traffic filtering criteria
IPv6 ACL configuration notes
Configuring an IPv6 ACL
Example IPv6 configurations
Page
Default and implicit IPv6 ACL action
Creating an IPv6 ACL
Syntax for creating an IPv6 ACL
For IPv6 and supported protocols other than ICMP, TCP, or UDP
For ICMP
For TCP
For UDP
Creating an IPv6 ACL Table 1 8 lists the syntax elements.
TABLE 18
IPv6 ACL arguments Description
Creating an IPv6 ACL
TABLE 18
IPv6 ACL arguments Description
ICMP message configurations
Enabling IPv6 on an interface to which an ACL will be applied
Applying an IPv6 ACL to an interface
Syntax for applying an IPv6 ACL
Applying an IPv6 ACL to a trunk group
Applying an IPv6 ACL to a virtual interface in a protocol-based or subnet-based VLAN
Adding a comment to an IPv6 ACL entry
Deleting a comment from an IPv6 ACL entry
Support for ACL logging
Displaying IPv6 ACLs
Displaying IPv6 ACLs
ACL-based Rate Limiting
ACL-based rate limiting overview
Types of ACL-based rate limiting
TABLE 19
Traffic policies overview
Traffic policy structure
- -
ACL statistics
Configuration notes for traffic policies
Configuring fixed rate limiting
Configuring adaptive rate limiting
Marking Class of Service parameters in adaptive rate limiting
TABLE 20
TABLE 21
Inspecting the 802.1p bit in the ACL for adaptive rate limiting
Handling packets that exceed the rate limit
Dropping packets
Permitting packets at low priority
Enabling and using ACL statistics
Enabling ACL statistics
Enabling ACL statistics with rate limiting traffic policies
Viewing ACL and rate limit counters
Clearing ACL and rate limit counters
TABLE 22
Viewing traffic policies
TABLE 23
802.1X Port Security
IETF RFC support
TABLE 24
How 802.1X port security works
Device roles in an 802.1X configuration
FIGURE 1
Communication between the devices
FIGURE 2
Controlled and uncontrolled ports
FIGURE 3
Message exchange during authentication
FIGURE 4
Setting the IP MTU size
EAP pass-through support
Support for RADIUS user-name attribute in access-accept messages
Authenticating multiple hosts connected to the same port
TABLE 25
FIGURE 5
How 802.1X multiple-host authentication works
Page
-
-
- -
Configurable hardware aging period for denied client dot1x-mac-sessions
802.1X port security and sFlow
802.1X accounting
802.1X port security configuration
Configuring an authentication method list for 802.1X
Setting RADIUS parameters
Supported RADIUS attributes
Specifying the RADIUS timeout action
Allow user access to a restricted VLAN after a RADIUS timeout
Dynamic VLAN assignment for 802.1X port configuration
Automatic removal of dynamic VLAN assignments for 802.1X ports
TABLE 26
Dynamic multiple VLAN assignment for 802.1X ports
Saving dynamic VLAN assignments to the running-config file
Considerations for dynamic VLAN assignment in an 802.1X multiple-host configuration
Dynamically applying IP ACLs and MAC address filters to 802.1X ports
Configuration considerations for applying IP ACLs and MAC address filters to 802.1x ports
Disabling and enabling strict security mode for dynamic filter assignment
Disabled strict security mode
Disabling strict security mode globally
Dynamically applying existing ACLs or MAC address filters
TABLE 27
TABLE 28
Notes for dynamically applying ACLs or MAC address filters
Configuring per-user IP ACLs or MAC address filters
TABLE 29
TABLE 30
Enabling 802.1X port security
Setting the port control
Configuring periodic re-authentication
Re-authenticating a port manually
Setting the quiet period
Setting the wait interval for EAP frame retransmissions
Setting the maximum number of EAP frame retransmissions
Wait interval and number of EAP-request/ identity frame retransmissions from the RADIUS server
Setting the wait interval for EAP frame retransmissions
Setting the maximum number of EAP frame retransmissions
Specifying a timeout for retransmission of messages to the authentication server
Initializing 802.1X on a port
Allowing access to multiple hosts
Configuring 802.1X multiple-host authentication
Page
Page
MAC address filters for EAP frames
Creating MAC address filters for EAP on most devices
Configuring VLAN access for non-EAP-capable clients
802.1X accounting configuration
802.1X accounting attributes for RADIUS
Enabling 802.1X accounting
TABLE 31
Displaying 802.1X information
Displaying 802.1X configuration information
TABLE 32
Syntax: show dot1x config ethernet port
TABLE 32
TABLE 33
Displaying 802.1X statistics
To display 802.1X statistics for an individual port, enter the show dot1x statistics command.
Syntax: show dot1x statistics ethernet port
TABLE 34
Field Statistics
Clearing 802.1X statistics
Displaying dynamically assigned VLAN information
Displaying information about dynamically applied MAC address filters and IP ACLs
Displaying user-defined MAC address filters and IP ACLs
Displaying dynamically applied MAC address filters and IP ACLs
Displaying the status of strict security mode
Displaying 802.1X multiple-host authentication information
Displaying 802.1X multiple-host configuration information
TABLE 35
Syntax: show dot1x config ethernet port
The following table lists the fields in the display.
Displaying information about the dot1x MAC sessions on each port
TABLE 36
Example
Syntax: show dot1x mac-session Table 37 lists the new fields in the display.
TABLE 37
Displaying information about the ports in an 802.1X multiple-host configuration
TABLE 38
Sample 802.1X configurations
Point-to-point configuration
FIGURE 6
Same point-to-point 802.1x configuration
Hub configuration
FIGURE 7
Sample 802.1x configuration using a hub
802.1X authentication with dynamic VLAN assignment
FIGURE 8
Multi-device port authentication and 802.1X security on the same port
Page
MAC Port Security
TABLE 39
MAC port security overview
Local and global resources used for MAC port security
Configuration notes and feature limitations for MAC port security
MAC port security configuration
Enabling the MAC port security feature
Setting the maximum number of secure MAC addresses for an interface
Setting the port security age timer
Specifying secure MAC addresses
On an untagged interface
On a tagged interface
Autosaving secure MAC addresses to the startup configuration
Specifying the action taken when a security violation occurs
Dropping packets from a violating address
Disabling the port for a specified amount of time
Clearing port security statistics
Clearing restricted MAC addresses
Clearing violation statistics
Displaying port security information
Displaying port security settings
Displaying the secure MAC addresses
TABLE 40
Displaying port security statistics
TABLE 41
TABLE 42
Displaying restricted MAC addresses on a port
TABLE 43
MAC-based VLANs
MAC-based VLAN overview
Static and dynamic hosts
TABLE 44
MAC-based VLAN feature structure
Source MAC address authentication
Policy-based classification and forwarding
Dynamic MAC-based VLAN
Configuration notes and feature limitations for dynamic MAC-based VLAN
Dynamic MAC-based VLAN CLI commands
Dynamic MAC-based VLAN
Dynamic MAC-based VLAN configuration example
The following example shows a MAC-based VLAN configuration.
TABLE 45
CLI command Description CLI level
MAC-based VLAN configuration
Using MAC-based VLANs and 802.1X security on the same port
Configuring generic and Brocade vendor-specific attributes on the RADIUS server
TABLE 46
Aging for MAC-based VLAN
For permitted hosts
For blocked hosts
TABLE 47
For MAC-based dynamic activation
Disabling aging for MAC-based VLAN sessions
Globally disabling aging
Disabling the aging on interfaces
Configuring the maximum MAC addresses per port
Configuring a MAC-based VLAN for a static host
Configuring MAC-based VLAN for a dynamic host
Configuring dynamic MAC-based VLAN
Configuring MAC-based VLANs using SNMP
Displaying information about MAC-based VLANs
Displaying the MAC-VLAN table
TABLE 48
Displaying the MAC-VLAN table for a specific MAC address
Displaying allowed MAC addresses
TABLE 49
TABLE 50
Displaying denied MAC addresses
TABLE 51
TABLE 50
Displaying detailed MAC-VLAN data
Displaying MAC-VLAN information for a specific interface
The following table describes the information in this output.
TABLE 52
Displaying MAC addresses in a MAC-based VLAN
Enter the show mac-address command to display a list of MAC addresses in a MAC-based VLAN.
TABLE 53
TABLE 52
Displaying MAC-based VLAN logging
Clearing MAC-VLAN information
Sample MAC-based VLAN application
Sample MAC-based VLAN application
FIGURE 9
Sample MAC-based VLAN application
The show table-mac-vlan command returns the following results for all ports in this configuration.
Page
Multi-Device Port Authentication
How multi-device port authentication works
TABLE 54
RADIUS authentication
Authentication-failure actions
Supported RADIUS attributes
Support for dynamic VLAN assignment
Support for dynamic ACLs
Support for authenticating multiple MAC addresses on an interface
Support for dynamic ARP inspection with dynamic ACLs
Support for DHCP snooping with dynamic ACLs
Multi-device port authentication and 802.1X security on the same port
Configuring Brocade-specific attributes on the RADIUS server
Multi-device port authentication configuration
TABLE 55
Enabling multi-device port authentication
Globally enabling multi-device port authentication
Enabling multi-device port authentication on an interface
Specifying the format of the MAC addresses sent to the RADIUS server
Specifying the authentication-failure action
Generating traps for multi-device port authentication
Defining MAC address filters
Configuring dynamic VLAN assignment
Configuring a port to remain in the restricted VLAN after a successful authentication attempt
Configuration notes for configuring a port to remain in the restricted VLAN
Configuring the RADIUS server to support dynamic VLAN assignment
Enabling dynamic VLAN support for tagged packets on non-member VLAN ports
TABLE 56
Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires
Automatic removal of dynamic VLAN assignments for MAC authenticated ports
Saving dynamic VLAN assignments to the running-config file
Dynamically applying IP ACLs to authenticated MAC addresses
Multi-device port authentication with dynamic IP ACLs and ACL-per-port-per-VLAN
Configuration considerations and guidelines for multi-device port authentication
- - - - -
Configuring the RADIUS server to support dynamic IP ACLs
Enabling denial of service attack protection
TABLE 57
TABLE 58
Enabling source guard protection
Viewing the assigned ACL for ports on which source guard protection is enabled
Clearing authenticated MAC addresses
Disabling aging for authenticated MAC addresses
Globally disabling aging of MAC addresses
Disabling the aging of MAC addresses on interfaces
Changing the hardware aging period for blocked MAC addresses
Specifying the aging time for blocked MAC addresses
Specifying the RADIUS timeout action
Permit user access to the network after a RADIUS timeout
Deny user access to the network after a RADIUS timeout
Allow user access to a restricted VLAN after a RADIUS timeout
Multi-device port authentication password override
Limiting the number of authenticated MAC addresses
Displaying multi-device port authentication information
Displaying authenticated MAC address information
Displaying multi-device port authentication configuration information
TABLE 59
Displaying multi-device port authentication information for a specific MAC address or port
TABLE 60
TABLE 61
Displaying the authenticated MAC addresses
TABLE 61
Displaying the non-authenticated MAC addresses
Displaying multi-device port authentication information for a port
TABLE 62
Displaying multi-device port authentication settings and authenticated MAC addresses
TABLE 62
Displaying multi-device port authentication information
TABLE 63
Displaying multi-device port authentication information
Example port authentication configurations
Multi-device port authentication with dynamic VLAN assignment
TABLE 63
FIGURE 10
Example 1 Multi-device port authentication with dynamic VLAN assignment
FIGURE 11
Example 1 Multi-device port authentication and 802.1x authentication on the same port
FIGURE 12
Example 2 Creating a profile on the RADIUS server for each MAC address
FIGURE 13
Page
DoS Attack Protection
Smurf attacks
FIGURE 14
TABLE 64
Avoiding being an intermediary in a Smurf attack
Avoiding being a victim in a Smurf attack
TCP SYN attacks
TCP security enhancement
Protecting against a blind TCP reset attack using the RST bit
Protecting against a blind TCP reset attack using the SYN bit
Protecting against a blind injection attack
Displaying statistics about packets dropped because of DoS attacks
Page
Rate Limiting and Rate Shaping
Port-based rate limiting
TABLE 65
How port-based fixed rate limiting works
FIGURE 15
Rate limiting in hardware
Configuration notes for port-based fixed rate limiting
Configuring a port-based fixed rate limiting policy
Displaying the port-based fixed rate limiting configuration
TABLE 66
Rate shaping
Configuration notes for rate shaping
Configuring outbound rate shaping for a port
TABLE 67
Configuring outbound rate shaping for a specific priority
CPU rate-limiting
TABLE 68
DHCP
Dynamic ARP inspection
ARP poisoning
TABLE 69
Dynamic ARP Inspection
FIGURE 16
ARP entries
Configuration notes and feature limitations for DAI
Dynamic ARP inspection configuration
Configuring an inspection ARP entry
Enabling DAI on a VLAN
TABLE 70
Enabling trust on a port
DHCP snooping
How DHCP snooping works
FIGURE 17
FIGURE 18
DHCP binding database
Client IP-to-MAC address mappings
System reboot and the binding database
Configuration notes and feature limitations for DHCP snooping
Configuring DHCP snooping
Enabling DHCP snooping on a VLAN
Enabling trust on a port
Disabling the learning of DHCP clients on a port
TABLE 71
Clearing the DHCP binding database
Displaying DHCP snooping status and ports
Displaying the DHCP snooping binding database
Displaying DHCP binding entry and status
DHCP snooping configuration example
DHCP relay agent information
FIGURE 19
FIGURE 20
Configuration notes for DHCP option 82
DHCP option 82 sub-options
+
Sub-option 1 Circuit ID
FIGURE 21
Sub-option 2 Remote ID
FIGURE 22
Sub-option 6 - Subscriber ID
DHCP option 82 configuration
Disabling and re-enabling DHCP option 82 processing on an individual interface
Changing the forwarding policy
Enabling and disabling subscriber ID processing
Viewing information about DHCP option 82 processing
Viewing the circuit ID, remote ID, and forwarding policy
Viewing the ports on which DHCP option 82 is disabled
TABLE 72
IP source guard
TABLE 73
Configuration notes and feature limitations for IP source guard
Enabling IP source guard on a port
Defining static IP source bindings
Enabling IP source guard per-port-per-VLAN
Enabling IP source guard on a VE
Displaying learned IP addresses
Page
Limiting Broadcast, Multicast, and Unknown Unicast Traffic
Broadcast, unknown Unicast, and Multicast rate limiting
Configuring rate limiting for BUM traffic
Viewing rate limits set on BUM traffic
Broadcast, unknown Unicast, and Multicast rate limiting
Syntax: show rate-limit broadcast
Example
Page
Index
Numerics
A
B
C
D
F
G
I
L
M
P
Q
R
S
T
U
V