User guide

Brocade 6910 Ethernet Access Switch Configuration Guide 821
53-1002581-01
Chapter 41
Security Measures
In this chapter
You can configure this switch to authenticate users logging into the system for management access
using local or remote authentication methods. Port-based authentication using IEEE 802.1X can
also be configured to control either management access to the uplink ports or client access to the
data ports. This switch provides secure network management access using the following options:
• AAA – Use local or remote authentication to configure access rights, specify authentication
  servers, configure remote authentication and accounting.
• User Accounts – Manually configure access rights on the switch for specified users.
• Web Authentication – Allows stations to authenticate and access the network in situations
  where 802.1X or Network Access authentication methods are infeasible or impractical.
• Network Access – Configure MAC authentication, intrusion response, dynamic VLAN
  assignment, and dynamic QoS assignment.
• HTTPS – Provide a secure web connection.
• SSH – Provide a secure shell (for secure Telnet access).
• ACL – Access Control Lists provide packet filtering for IP frames (based on address, protocol,
  Layer 4 protocol port number or TCP control code).
• ARP Inspection – Security feature that validates the MAC Address bindings for Address
  Resolution Protocol packets. Provides protection against ARP traffic with invalid MAC to IP
  Address bindings, which forms the basis for certain “man-in-the-middle” attacks.
• IP Filter – Filters management access to the web, SNMP or Telnet interface.
• Port Security – Configure secure addresses for individual ports.
• Port Authentication – Use IEEE 802.1X port authentication to control access to specific ports.
• IP Source Guard – Filters untrusted DHCP messages on insecure ports by building and
  maintaining a DHCP snooping binding table.
• DHCP Snooping – Filter IP traffic on insecure ports for which the source address cannot be
  identified via DHCP snooping.
NOTE
The priority of execution for the filtering commands is Port Security, Port Authentication, Network
Access, Web Authentication, Access Control Lists, IP Source Guard, and then DHCP Snooping.