53-1002601-0128 September 2012®Brocade ICX 6650 Security Configuration GuideSupporting FastIron Software Release 07.5.00
x Brocade ICX 6650 Security Configuration Guide53-1002601-01Dynamic MAC-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213C
80 Brocade ICX 6650 Security Configuration Guide53-1002601-01SSH2 clientBrocade# ssh 10.10.10.2To start an SSH2 client connection to an SSH2 server us
Brocade ICX 6650 Security Configuration Guide 8153-1002601-01Chapter3Rule-Based IP ACLs Table 15 and Table 16 list the Access Control List (ACL) featu
82 Brocade ICX 6650 Security Configuration Guide53-1002601-01ACL overviewThis chapter describes how Access Control Lists (ACLs) are implemented and co
Brocade ICX 6650 Security Configuration Guide 8353-1002601-01ACL overview• Virtual routing interfacesTypes of IP ACLsYou can configure the following t
84 Brocade ICX 6650 Security Configuration Guide53-1002601-01How hardware-based ACLs workDefault ACL actionThe default action when no ACLs are configu
Brocade ICX 6650 Security Configuration Guide 8553-1002601-01ACL configuration considerationsACL configuration considerations• See “ACL overview” on p
86 Brocade ICX 6650 Security Configuration Guide53-1002601-01Configuring standard numbered ACLs• You can apply an ACL to a port that has TCP SYN prote
Brocade ICX 6650 Security Configuration Guide 8753-1002601-01Standard named ACL configurationsignificant bits) and changes the non-significant portion
88 Brocade ICX 6650 Security Configuration Guide53-1002601-01Standard named ACL configurationStandard ACLs permit or deny packets based on source IP a
Brocade ICX 6650 Security Configuration Guide 8953-1002601-01Standard named ACL configurationNOTETo specify the host name instead of the IP address, t
Brocade ICX 6650 Security Configuration Guide xi53-1002601-01Multi-device port authentication configuration. . . . . . . . . . . . . . . .236Enabling
90 Brocade ICX 6650 Security Configuration Guide53-1002601-01Extended numbered ACL configurationConfiguration example for standard named ACLsTo config
Brocade ICX 6650 Security Configuration Guide 9153-1002601-01Extended numbered ACL configurationExtended numbered ACL syntaxSyntax: [no] access-list A
92 Brocade ICX 6650 Security Configuration Guide53-1002601-01Extended numbered ACL configurationThe destination-ip | hostname parameter specifies the
Brocade ICX 6650 Security Configuration Guide 9353-1002601-01Extended numbered ACL configuration• gt – The policy applies to TCP or UDP port numbers g
94 Brocade ICX 6650 Security Configuration Guide53-1002601-01Extended numbered ACL configuration• max-throughput or 4 – The ACL matches packets that h
Brocade ICX 6650 Security Configuration Guide 9553-1002601-01Extended numbered ACL configurationConfiguration examples for extended numbered ACLsTo co
96 Brocade ICX 6650 Security Configuration Guide53-1002601-01Extended named ACL configurationThe first entry in this ACL denies TCP traffic from the 1
Brocade ICX 6650 Security Configuration Guide 9753-1002601-01Extended named ACL configuration• Internet Control Message Protocol (ICMP)• Internet Grou
98 Brocade ICX 6650 Security Configuration Guide53-1002601-01Extended named ACL configurationIf you enable the software to display IP subnet masks in
Brocade ICX 6650 Security Configuration Guide 9953-1002601-01Extended named ACL configurationThe tcp/udp comparison operator parameter specifies a com
xii Brocade ICX 6650 Security Configuration Guide53-1002601-01Chapter 11 Rate Limiting and Rate ShapingPort-based rate limiting . . . . . . . . . . .
100 Brocade ICX 6650 Security Configuration Guide53-1002601-01Extended named ACL configuration• internet or 6 – The ACL matches packets that have the
Brocade ICX 6650 Security Configuration Guide 10153-1002601-01Applying egress ACLs to Control (CPU) trafficThe dscp-matching option matches on the pac
102 Brocade ICX 6650 Security Configuration Guide53-1002601-01ACL comment text managementThe following example shows how this feature works for a TCP
Brocade ICX 6650 Security Configuration Guide 10353-1002601-01ACL comment text managementFor ACL-num, enter the number of the ACL. The comment-text ca
104 Brocade ICX 6650 Security Configuration Guide53-1002601-01Applying an ACL to a virtual interface in a protocol- or subnet-based VLANThe following
Brocade ICX 6650 Security Configuration Guide 10553-1002601-01ACL loggingBrocade(config-vlan-1)# no vlan-dynamic-discovery Vlan dynamic discovery is
106 Brocade ICX 6650 Security Configuration Guide53-1002601-01ACL logging• ACL logging is not supported for dynamic ACLs with multi-device port authen
Brocade ICX 6650 Security Configuration Guide 10753-1002601-01ACL loggingThe above commands create ACL entries that include the log option, enable ACL
108 Brocade ICX 6650 Security Configuration Guide53-1002601-01Enabling strict control of ACL filtering of fragmented packetsSyntax: show logEnabling s
Brocade ICX 6650 Security Configuration Guide 10953-1002601-01Enabling ACL support for switched traffic in the router imageEnabling ACL support for sw
Brocade ICX 6650 Security Configuration Guide xiii53-1002601-01Chapter 13 Limiting Broadcast, Multicast, and Unknown Unicast TrafficBroadcast, unknown
110 Brocade ICX 6650 Security Configuration Guide53-1002601-01Enabling ACL filtering based on VLAN membership or VE port membershipApplying an IPv4 AC
Brocade ICX 6650 Security Configuration Guide 11153-1002601-01ACLs to filter ARP packetsUse this feature when you do not want the IPv4 ACLs to apply t
112 Brocade ICX 6650 Security Configuration Guide53-1002601-01ACLs to filter ARP packetsConfiguration considerations for filtering ARP packets• This f
Brocade ICX 6650 Security Configuration Guide 11353-1002601-01Filtering on IP precedence and ToS values• Allow the ACL ID to be inherited from the IP
114 Brocade ICX 6650 Security Configuration Guide53-1002601-01QoS options for IP ACLsThe first entry in this ACL denies TCP traffic from the 10.157.21
Brocade ICX 6650 Security Configuration Guide 11553-1002601-01QoS options for IP ACLs• dscp-matching – Matches on the packet DSCP value. This option d
116 Brocade ICX 6650 Security Configuration Guide53-1002601-01QoS options for IP ACLsCombined ACL for 802.1p markingBrocade devices support a simple m
Brocade ICX 6650 Security Configuration Guide 11753-1002601-01ACL-based rate limitingSyntax: access-list num(100-199) permit udp any any 802.1p-priori
118 Brocade ICX 6650 Security Configuration Guide53-1002601-01ACL statisticsNOTEBrocade devices support ACL-based rate limiting for inbound traffic. T
Brocade ICX 6650 Security Configuration Guide 11953-1002601-01Displaying ACL informationSyntax: show access-list hw-usage on | offSyntax: show access-
xiv Brocade ICX 6650 Security Configuration Guide53-1002601-01
120 Brocade ICX 6650 Security Configuration Guide53-1002601-01Policy Based RoutingYou can configure the Brocade device to perform the following types
Brocade ICX 6650 Security Configuration Guide 12153-1002601-01Policy Based Routing• Configure a route map that matches on the ACLs and sets the route
122 Brocade ICX 6650 Security Configuration Guide53-1002601-01Policy Based RoutingIf you prefer to specify the wildcard (mask value) in CIDR format, y
Brocade ICX 6650 Security Configuration Guide 12353-1002601-01Policy Based RoutingThe permit | deny parameter specifies the action the Brocade device
124 Brocade ICX 6650 Security Configuration Guide53-1002601-01Policy Based RoutingConfiguration examples for PBRThis section presents configuration ex
Brocade ICX 6650 Security Configuration Guide 12553-1002601-01Policy Based RoutingBrocade(config)# route-map test-route permit 50Brocade(config-routem
126 Brocade ICX 6650 Security Configuration Guide53-1002601-01Policy Based RoutingBrocade(config)# interface ethernet 1/3/1Brocade(config-if-e10000-1/
Brocade ICX 6650 Security Configuration Guide 12753-1002601-01Chapter4IPv6 ACLs Table 17 lists the IPv6 Access Control Lists (ACL) features supported
128 Brocade ICX 6650 Security Configuration Guide53-1002601-01IPv6 ACL configuration notesNOTEIPv6 ACLs are supported on inbound traffic and are imple
Brocade ICX 6650 Security Configuration Guide 12953-1002601-01Configuring an IPv6 ACL• IPv6 ACLs cannot be used with GRE• IPv6 ACLs cannot be employed
xiAbout This DocumentThe Brocade ICX 6650 is a ToR (Top of Rack) Ethernet switch for campus LAN and classic Ethernet data center environments.Audience
130 Brocade ICX 6650 Security Configuration Guide53-1002601-01Configuring an IPv6 ACLThe first condition permits ICMP traffic from hosts in the 2001:d
Brocade ICX 6650 Security Configuration Guide 13153-1002601-01Configuring an IPv6 ACLThe following commands apply the ACL “rtr” to the incoming traffi
132 Brocade ICX 6650 Security Configuration Guide53-1002601-01Creating an IPv6 ACLThe first permit statement permits ICMP traffic from hosts in the 20
Brocade ICX 6650 Security Configuration Guide 13353-1002601-01Creating an IPv6 ACLSyntax: permit | deny protocol ipv6-source-prefix/prefix-length | an
134 Brocade ICX 6650 Security Configuration Guide53-1002601-01Creating an IPv6 ACLTable 18 lists the syntax elements.TABLE 18 Syntax descriptionsIPv6
Brocade ICX 6650 Security Configuration Guide 13553-1002601-01Creating an IPv6 ACLipv6-source-prefix/prefix-length The ipv6-source-prefix/prefix-lengt
136 Brocade ICX 6650 Security Configuration Guide53-1002601-01Creating an IPv6 ACLICMP message configurations If you want to specify an ICMP message,
Brocade ICX 6650 Security Configuration Guide 13753-1002601-01Enabling IPv6 on an interface to which an ACL will be applied• renum-command• renum-resu
138 Brocade ICX 6650 Security Configuration Guide53-1002601-01Adding a comment to an IPv6 ACL entryThis example applies the IPv6 ACL “access1” to inco
Brocade ICX 6650 Security Configuration Guide 13953-1002601-01Deleting a comment from an IPv6 ACL entryThe comment-text can be up to 256 characters in
xiiBrocade ICX 6650 slot and port numbering• Slot 2 is located on the back of the Brocade ICX 6650 device and contains ports 1 through 3 on the top ro
140 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying IPv6 ACLsSyntax: show ipv6 access-listTo display a specific IPv6 ACL configur
Brocade ICX 6650 Security Configuration Guide 14153-1002601-01Chapter5ACL-based Rate LimitingTable 19 lists the ACL-based rate limiting features suppo
142 Brocade ICX 6650 Security Configuration Guide53-1002601-01Traffic policies overview• Adaptive rate limiting – Enforces a flexible bandwidth limit
Brocade ICX 6650 Security Configuration Guide 14353-1002601-01Configuring fixed rate limitingConfiguration notes for traffic policiesConsider the foll
144 Brocade ICX 6650 Security Configuration Guide53-1002601-01Configuring adaptive rate limitingSyntax: [no] traffic-policy TPD-name rate-limit fixed
Brocade ICX 6650 Security Configuration Guide 14553-1002601-01Configuring adaptive rate limitingIf a port receives more than the configured packet rat
146 Brocade ICX 6650 Security Configuration Guide53-1002601-01Configuring adaptive rate limiting3. Bind the ACL to an interface. Enter commands such a
Brocade ICX 6650 Security Configuration Guide 14753-1002601-01Handling packets that exceed the rate limit1. Create an adaptive rate limiting traffic p
148 Brocade ICX 6650 Security Configuration Guide53-1002601-01Enabling and using ACL statisticsThe above command creates an adaptive rate limiting pol
Brocade ICX 6650 Security Configuration Guide 14953-1002601-01Enabling and using ACL statisticsEnabling ACL statisticsThe procedure for enabling ACL s
Brocade ICX 6650 Security Configuration Guide xiii53-1002601-01Brocade ICX 6650 slot and port numberingDocument conventionsThis section describes text
150 Brocade ICX 6650 Security Configuration Guide53-1002601-01Enabling and using ACL statisticsEnabling ACL statistics with rate limiting traffic poli
Brocade ICX 6650 Security Configuration Guide 15153-1002601-01Enabling and using ACL statistics Port Region# Green Conformance Yellow Conformance
152 Brocade ICX 6650 Security Configuration Guide53-1002601-01Viewing traffic policiesThe TPD-name is the name of the traffic policy definition for wh
Brocade ICX 6650 Security Configuration Guide 15353-1002601-01Chapter6802.1X Port SecurityTable 24 lists 802.1X port security features that are suppor
154 Brocade ICX 6650 Security Configuration Guide53-1002601-01How 802.1X port security worksHow 802.1X port security worksThis section explains the ba
Brocade ICX 6650 Security Configuration Guide 15553-1002601-01How 802.1X port security worksClient/Supplicant – The device that seeks to gain access t
156 Brocade ICX 6650 Security Configuration Guide53-1002601-01How 802.1X port security worksFIGURE 3 Controlled and uncontrolled ports before and aft
Brocade ICX 6650 Security Configuration Guide 15753-1002601-01How 802.1X port security worksMessage exchange during authenticationFigure 4 illustrates
158 Brocade ICX 6650 Security Configuration Guide53-1002601-01How 802.1X port security worksNOTERefer to “EAP pass-through support” on page 159.• EAP-
Brocade ICX 6650 Security Configuration Guide 15953-1002601-01How 802.1X port security worksBrocade(config)# ip mtu 1500Syntax: [no] ip mtu num The nu
xivBrocade ICX 6650 slot and port numberingATTENTIONAn Attention statement indicates potential damage to hardware or data.CAUTIONA Caution statement a
160 Brocade ICX 6650 Security Configuration Guide53-1002601-01How 802.1X port security worksFIGURE 5 Multiple hosts connected to a single 802.1X-enab
Brocade ICX 6650 Security Configuration Guide 16153-1002601-01How 802.1X port security works5. If authentication for the Client is unsuccessful the fi
162 Brocade ICX 6650 Security Configuration Guide53-1002601-01How 802.1X port security works• 802.1X multiple-host authentication has the following ad
Brocade ICX 6650 Security Configuration Guide 16353-1002601-01802.1X port security configuration802.1X accountingWhen 802.1X port security is enabled
164 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationConfiguring an authentication method list for 802.1XTo
Brocade ICX 6650 Security Configuration Guide 16553-1002601-01802.1X port security configuration• NAS-IP-Address (4) – RFC 2865• NAS-Port (5) – RFC 28
166 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationRe-authenticate a userTo configure RADIUS timeout beha
Brocade ICX 6650 Security Configuration Guide 16753-1002601-01802.1X port security configurationIf one of the attributes in the Access-Accept message
168 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationDynamic multiple VLAN assignment for 802.1X portsWhen
Brocade ICX 6650 Security Configuration Guide 16953-1002601-01802.1X port security configurationWhen the RADIUS server returns a value specifying both
Brocade ICX 6650 Security Configuration Guide xv53-1002601-01Brocade ICX 6650 slot and port numbering• Brocade ICX 6650 Diagnostic Reference• Unified
170 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationDynamically applying IP ACLs and MAC address filtersto
Brocade ICX 6650 Security Configuration Guide 17153-1002601-01802.1X port security configurationDisabling and enabling strict security mode for dynami
172 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationSyntax: [no] global-filter-strict-securityTo disable s
Brocade ICX 6650 Security Configuration Guide 17353-1002601-01802.1X port security configurationNotes for dynamically applying ACLs or MAC address fil
174 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationEnabling 802.1X port security By default, 802.1X port
Brocade ICX 6650 Security Configuration Guide 17553-1002601-01802.1X port security configurationTo activate authentication on an 802.1X-enabled interf
176 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationThe re-authentication interval is a global setting, ap
Brocade ICX 6650 Security Configuration Guide 17753-1002601-01802.1X port security configurationFor example, to cause the Brocade device to wait 60 se
178 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationBrocade(config-dot1x)# supptimeout 45Syntax: supptimeo
Brocade ICX 6650 Security Configuration Guide 17953-1002601-01802.1X port security configurationAllowing access to multiple hostsBrocade devices suppo
Copyright © 2012 Brocade Communications Systems, Inc. All Rights Reserved.Brocade, Brocade Assurance, the B-wing symbol, BigIron, DCX, Fabric OS, Fast
xviBrocade ICX 6650 slot and port numberingDocument feedbackQuality is our first concern at Brocade and we have made every effort to ensure the accura
180 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X port security configurationTo specify on an individual port that the authenticati
Brocade ICX 6650 Security Configuration Guide 18153-1002601-01802.1X port security configurationAs a shortcut, use the command [no] mac-session-aging
182 Brocade ICX 6650 Security Configuration Guide53-1002601-01802.1X accounting configurationMAC address filters for EAP framesYou can create MAC addr
Brocade ICX 6650 Security Configuration Guide 18353-1002601-01802.1X accounting configuration• The user MAC address• The authenticating physical port
184 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying 802.1X informationnone – Use no authentication. The client is automatically a
Brocade ICX 6650 Security Configuration Guide 18553-1002601-01Displaying 802.1X informationTo display information about the 802.1X configuration on an
186 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying 802.1X informationThe following additional information is displayed in the sh
Brocade ICX 6650 Security Configuration Guide 18753-1002601-01Displaying 802.1X informationDisplaying 802.1X statisticsTo display 802.1X statistics fo
188 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying 802.1X informationClearing 802.1X statisticsYou can clear the 802.1X statisti
Brocade ICX 6650 Security Configuration Guide 18953-1002601-01Displaying 802.1X informationThe show run command also indicates the VLAN to which the p
Brocade ICX 6650 Security Configuration Guide 153-1002601-01Chapter1Security Access Table 1 lists the security access features supported on Brocade IC
190 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying 802.1X informationSyntax: show dot1x mac-address-filter all | ethernet port T
Brocade ICX 6650 Security Configuration Guide 19153-1002601-01Displaying 802.1X informationSyntax: show dot1xDisplaying the status of strict security
192 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying 802.1X informationDisplaying 802.1X multiple-host configuration informationTh
Brocade ICX 6650 Security Configuration Guide 19353-1002601-01Displaying 802.1X informationSyntax: show dot1x config ethernet portSpecify the port var
194 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying 802.1X informationExample Syntax: show dot1x mac-sessionTable 37 lists the ne
Brocade ICX 6650 Security Configuration Guide 19553-1002601-01Displaying 802.1X informationDisplaying information about the ports in an 802.1X multipl
196 Brocade ICX 6650 Security Configuration Guide53-1002601-01Sample 802.1X configurationsSample 802.1X configurationsThis section illustrates a sampl
Brocade ICX 6650 Security Configuration Guide 19753-1002601-01Sample 802.1X configurationsBrocade(config)# interface ethernet 1/2/2Brocadeconfig-if-e1
198 Brocade ICX 6650 Security Configuration Guide53-1002601-01Sample 802.1X configurationsBrocade(config)#interface ethernet 1/2/1Brocade(config-if-e1
Brocade ICX 6650 Security Configuration Guide 19953-1002601-01Multi-device port authentication and 802.1X security on the same port auth-fail-vlanid 1
2 Brocade ICX 6650 Security Configuration Guide53-1002601-01Securing access methodsAccess to the Privileged EXEC and CONFIG levels of the CLINot secur
200 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication and 802.1X security on the same port
Brocade ICX 6650 Security Configuration Guide 20153-1002601-01Chapter7MAC Port SecurityTable 39 lists the Media Access Control (MAC) port security fea
202 Brocade ICX 6650 Security Configuration Guide53-1002601-01MAC port security overviewMAC port security overviewYou can configure the Brocade device
Brocade ICX 6650 Security Configuration Guide 20353-1002601-01MAC port security configuration• Brocade devices do not support the reserved-vlan-id num
204 Brocade ICX 6650 Security Configuration Guide53-1002601-01MAC port security configurationSetting the maximum number of secure MAC addresses for an
Brocade ICX 6650 Security Configuration Guide 20553-1002601-01MAC port security configurationSpecifying secure MAC addressesYou can configure secure M
206 Brocade ICX 6650 Security Configuration Guide53-1002601-01MAC port security configurationThe minutes variable can be from 15 through 1440 minutes.
Brocade ICX 6650 Security Configuration Guide 20753-1002601-01Clearing port security statisticsDisabling the port for a specified amount of timeYou ca
208 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying port security informationDisplaying port security information You can display
Brocade ICX 6650 Security Configuration Guide 20953-1002601-01Displaying port security informationNOTEAfter every switchover or failover, the MAC “Age
Brocade ICX 6650 Security Configuration Guide 353-1002601-01Remote access to management function restrictionsRemote access to management function rest
210 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying port security informationBrocade# show port security statistics 7Module 7: T
Brocade ICX 6650 Security Configuration Guide 21153-1002601-01Chapter8MAC-based VLANsTable 44 lists the MAC-based VLAN features that are supported on
212 Brocade ICX 6650 Security Configuration Guide53-1002601-01MAC-based VLAN overviewMAC-based VLAN feature structureThe MAC-based VLAN feature operat
Brocade ICX 6650 Security Configuration Guide 21353-1002601-01Dynamic MAC-based VLANDynamic MAC-based VLANWhen enabled, the dynamic MAC-based VLAN fea
214 Brocade ICX 6650 Security Configuration Guide53-1002601-01Dynamic MAC-based VLANDynamic MAC-based VLAN configuration exampleThe following example
Brocade ICX 6650 Security Configuration Guide 21553-1002601-01MAC-based VLAN configurationvlan 4004 by port mac-vlan-permit ethernet 1/1/1 to 1/1/3def
216 Brocade ICX 6650 Security Configuration Guide53-1002601-01MAC-based VLAN configurationUsing MAC-based VLANs and 802.1X securityon the same port On
Brocade ICX 6650 Security Configuration Guide 21753-1002601-01MAC-based VLAN configurationAging for MAC-based VLANThe aging process for MAC-based VLAN
218 Brocade ICX 6650 Security Configuration Guide53-1002601-01MAC-based VLAN configurationperiod begins and lasts for a fixed length of time (default
Brocade ICX 6650 Security Configuration Guide 21953-1002601-01MAC-based VLAN configurationDisabling the aging on interfacesTo disable aging on a speci
4 Brocade ICX 6650 Security Configuration Guide53-1002601-01Remote access to management function restrictionsConsider the following to configure acces
220 Brocade ICX 6650 Security Configuration Guide53-1002601-01MAC-based VLAN configuration6. To remove and disable the MAC-based VLAN configuration.Br
Brocade ICX 6650 Security Configuration Guide 22153-1002601-01Configuring MAC-based VLANs using SNMPNOTEIf the Dynamic MAC-based VLAN is enabled after
222 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying information about MAC-based VLANsDisplaying the MAC-VLAN table for a specific
Brocade ICX 6650 Security Configuration Guide 22353-1002601-01Displaying information about MAC-based VLANsDisplaying denied MAC addressesEnter the sho
224 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying information about MAC-based VLANsDisplaying detailed MAC-VLAN dataEnter the s
Brocade ICX 6650 Security Configuration Guide 22553-1002601-01Displaying information about MAC-based VLANsDisplaying MAC-VLAN information for a specif
226 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying information about MAC-based VLANsDisplaying MAC addresses in a MAC-based VLAN
Brocade ICX 6650 Security Configuration Guide 22753-1002601-01Clearing MAC-VLAN informationDisplaying MAC-based VLAN loggingEnter the show logging com
228 Brocade ICX 6650 Security Configuration Guide53-1002601-01Sample MAC-based VLAN applicationFIGURE 9 Sample MAC-based VLAN configurationHost A MAC
Brocade ICX 6650 Security Configuration Guide 22953-1002601-01Sample MAC-based VLAN applicationmac-authentication max-age 60mac-authentication hw-deny
Brocade ICX 6650 Security Configuration Guide 553-1002601-01Remote access to management function restrictionsThe num parameter specifies the number of
230 Brocade ICX 6650 Security Configuration Guide53-1002601-01Sample MAC-based VLAN application
Brocade ICX 6650 Security Configuration Guide 23153-1002601-01Chapter9Multi-Device Port AuthenticationTable 54 lists the multi-device port authenticat
232 Brocade ICX 6650 Security Configuration Guide53-1002601-01How multi-device port authentication worksThe multi-device port authentication feature i
Brocade ICX 6650 Security Configuration Guide 23353-1002601-01How multi-device port authentication works• Username (1) – RFC 2865• NAS-IP-Address (4)
234 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication and 802.1X security on the same portDAI is supported to
Brocade ICX 6650 Security Configuration Guide 23553-1002601-01Multi-device port authentication and 802.1X security on the same port4. If the Foundry-8
236 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationIf neither of these VSAs exist in a device
Brocade ICX 6650 Security Configuration Guide 23753-1002601-01Multi-device port authentication configuration• Clearing authenticated MAC addresses (op
238 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationSpecifying the format of the MAC addresses
Brocade ICX 6650 Security Configuration Guide 23953-1002601-01Multi-device port authentication configurationSyntax: [no] mac-authentication auth-fail-
6 Brocade ICX 6650 Security Configuration Guide53-1002601-01Remote access to management function restrictionsNOTEYou must enable AAA support for conso
240 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationIf one of the attributes in the Access-Acc
Brocade ICX 6650 Security Configuration Guide 24153-1002601-01Multi-device port authentication configuration• If an untagged port had previously been
242 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationConfiguration notes and limitations• This
Brocade ICX 6650 Security Configuration Guide 24353-1002601-01Multi-device port authentication configurationAutomatic removal of dynamic VLAN assignme
244 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationThe Brocade device uses information in the
Brocade ICX 6650 Security Configuration Guide 24553-1002601-01Multi-device port authentication configuration• Dynamic ACL filters are supported only f
246 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationTo limit the susceptibility of the Brocade
Brocade ICX 6650 Security Configuration Guide 24753-1002601-01Multi-device port authentication configuration• The MAC-to-IP mapping is checked against
248 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationTo clear the authenticated MAC address tab
Brocade ICX 6650 Security Configuration Guide 24953-1002601-01Multi-device port authentication configurationThe denied-only parameter prevents denied
Brocade ICX 6650 Security Configuration Guide 753-1002601-01Remote access to management function restrictionsRestricting SNMP access to a specific IP
250 Brocade ICX 6650 Security Configuration Guide53-1002601-01Multi-device port authentication configurationSpecifying the aging time for blocked MAC
Brocade ICX 6650 Security Configuration Guide 25153-1002601-01Multi-device port authentication configurationOnce the success timeout action is enabled
252 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying multi-device port authentication informationBrocade(config)# mac-authenticati
Brocade ICX 6650 Security Configuration Guide 25353-1002601-01Displaying multi-device port authentication informationDisplaying multi-device port auth
254 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying multi-device port authentication informationThe following table describes the
Brocade ICX 6650 Security Configuration Guide 25553-1002601-01Displaying multi-device port authentication informationDisplaying the authenticated MAC
256 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying multi-device port authentication informationDisplaying the non-authenticated
Brocade ICX 6650 Security Configuration Guide 25753-1002601-01Displaying multi-device port authentication informationDisplaying multi-device port auth
258 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying multi-device port authentication informationThe following table describes the
Brocade ICX 6650 Security Configuration Guide 25953-1002601-01Displaying multi-device port authentication information802.1X override Dynamic PVID Indi
8 Brocade ICX 6650 Security Configuration Guide53-1002601-01Remote access to management function restrictionsTo allow SSH access to the Brocade device
260 Brocade ICX 6650 Security Configuration Guide53-1002601-01Example port authentication configurationsExample port authentication configurationsThis
Brocade ICX 6650 Security Configuration Guide 26153-1002601-01Example port authentication configurationsFIGURE 10 Using multi-device port authenticat
262 Brocade ICX 6650 Security Configuration Guide53-1002601-01Example port authentication configurationsExample 1— Multi-device port authentication wi
Brocade ICX 6650 Security Configuration Guide 26353-1002601-01Example port authentication configurationsmac-authentication enablemac-authentication au
264 Brocade ICX 6650 Security Configuration Guide53-1002601-01Example port authentication configurationsFIGURE 12 Using multi-device port authenticat
Brocade ICX 6650 Security Configuration Guide 26553-1002601-01Example port authentication configurationsWhen the PC is authenticated using multi-devic
266 Brocade ICX 6650 Security Configuration Guide53-1002601-01Example port authentication configurationsSince there is no profile for the PC MAC addre
Brocade ICX 6650 Security Configuration Guide 26753-1002601-01Chapter10DoS Attack ProtectionTable 64 lists DoS protection features supported in Brocad
268 Brocade ICX 6650 Security Configuration Guide53-1002601-01Smurf attacksFor each ICMP echo request packet sent by the attacker, a number of ICMP re
Brocade ICX 6650 Security Configuration Guide 26953-1002601-01TCP SYN attacksSyntax: ip icmp burst-normal value burst-max value lockup secondsThe burs
Brocade ICX 6650 Security Configuration Guide 953-1002601-01Remote access to management function restrictionsSpecifying the maximum number of login at
270 Brocade ICX 6650 Security Configuration Guide53-1002601-01TCP SYN attacksBrocade(config)# interface ethernet 1/1/3Brocade(config-if-e10000-1/1/3)#
Brocade ICX 6650 Security Configuration Guide 27153-1002601-01TCP SYN attacksThe TCP security enhancement prevents and protects against the following
272 Brocade ICX 6650 Security Configuration Guide53-1002601-01TCP SYN attacksSyntax: show statistics dos-attackTo clear statistics about ICMP and TCP
Brocade ICX 6650 Security Configuration Guide 27353-1002601-01Chapter11Rate Limiting and Rate ShapingTable 65 lists the rate limiting and rate shaping
274 Brocade ICX 6650 Security Configuration Guide53-1002601-01Port-based rate limitingHow port-based fixed rate limiting worksFixed rate limiting coun
Brocade ICX 6650 Security Configuration Guide 27553-1002601-01Port-based rate limitingConfiguration notes for port-based fixed rate limiting• Rate lim
276 Brocade ICX 6650 Security Configuration Guide53-1002601-01Rate shapingRate shapingOutbound Rate Shaping is a port-level feature for shaping the ra
Brocade ICX 6650 Security Configuration Guide 27753-1002601-01CPU rate-limitingConfiguring outbound rate shaping for a specific priorityTo configure t
278 Brocade ICX 6650 Security Configuration Guide53-1002601-01CPU rate-limitingCPU rate limiting identifies the traffic type and assigns a maximum rat
Brocade ICX 6650 Security Configuration Guide 27953-1002601-01Chapter12DHCPTable 69 lists the Dynamic Host Configuration Protocol (DHCP) packet inspec
Brocade ICX 6650 Security Configuration Guide iii53-1002601-01ContentsAbout This DocumentAudience . . . . . . . . . . . . . . . . . . . . . . . . . .
10 Brocade ICX 6650 Security Configuration Guide53-1002601-01Remote access to management function restrictionsBrocade(config)# telnet server enable vl
280 Brocade ICX 6650 Security Configuration Guide53-1002601-01Dynamic ARP inspectionDynamic ARP InspectionDynamic ARP Inspection (DAI) allows only val
Brocade ICX 6650 Security Configuration Guide 28153-1002601-01Dynamic ARP inspection• DHCP-Snooping ARP – information collected from snooping DHCP pac
282 Brocade ICX 6650 Security Configuration Guide53-1002601-01Dynamic ARP inspectionDynamic ARP inspection configurationConfiguring DAI consists of th
Brocade ICX 6650 Security Configuration Guide 28353-1002601-01DHCP snoopingEnabling trust on a portThe default trust setting for a port is untrusted.
284 Brocade ICX 6650 Security Configuration Guide53-1002601-01DHCP snoopingHow DHCP snooping worksWhen enabled on a VLAN, DHCP snooping stands between
Brocade ICX 6650 Security Configuration Guide 28553-1002601-01DHCP snoopingClient IP-to-MAC address mappingsClient IP addresses need not be on directl
286 Brocade ICX 6650 Security Configuration Guide53-1002601-01DHCP snooping1. Enable DHCP snooping on a VLAN.Refer to “Enabling DHCP snooping on a VLA
Brocade ICX 6650 Security Configuration Guide 28753-1002601-01DHCP snoopingClearing the DHCP binding databaseYou can clear the DHCP binding database u
288 Brocade ICX 6650 Security Configuration Guide53-1002601-01DHCP relay agent informationDHCP snooping configuration example The following example co
Brocade ICX 6650 Security Configuration Guide 28953-1002601-01DHCP relay agent informationAs illustrated in Figure 19, the DHCP relay agent (the Broca
Brocade ICX 6650 Security Configuration Guide 1153-1002601-01Remote access to management function restrictionsNOTEIf you have already configured a def
290 Brocade ICX 6650 Security Configuration Guide53-1002601-01DHCP relay agent informationSub-option 1 – Circuit IDThe Circuit ID (CID) identifies the
Brocade ICX 6650 Security Configuration Guide 29153-1002601-01DHCP relay agent informationDHCP option 82 configurationWhen DHCP snooping is enabled on
292 Brocade ICX 6650 Security Configuration Guide53-1002601-01DHCP relay agent informationChanging the forwarding policyWhen the Brocade device receiv
Brocade ICX 6650 Security Configuration Guide 29353-1002601-01DHCP relay agent informationViewing information about DHCP option 82 processingUse the c
294 Brocade ICX 6650 Security Configuration Guide53-1002601-01IP source guardViewing the status of DHCP option 82 and the subscriber IDUse the show in
Brocade ICX 6650 Security Configuration Guide 29553-1002601-01IP source guardWhen IP Source Guard is first enabled, only DHCP packets are allowed and
296 Brocade ICX 6650 Security Configuration Guide53-1002601-01IP source guard• 64 rules per ACL• The number of configured ACL rules affect the rate at
Brocade ICX 6650 Security Configuration Guide 29753-1002601-01IP source guardThe [vlan vlannum] parameter is optional. If you enter a VLAN number, the
298 Brocade ICX 6650 Security Configuration Guide53-1002601-01IP source guard
Brocade ICX 6650 Security Configuration Guide 29953-1002601-01Chapter13Limiting Broadcast, Multicast, and Unknown Unicast TrafficThis chapter describe
12 Brocade ICX 6650 Security Configuration Guide53-1002601-01Remote access to management function restrictionsAllowing SNMP access to the Brocade devi
300 Brocade ICX 6650 Security Configuration Guide53-1002601-01Broadcast, unknown Unicast, and Multicast rate limitingThe num variable specifies the ma
Brocade ICX 6650 Security Configuration Guide 30153-1002601-01Broadcast, unknown Unicast, and Multicast rate limitinginterface ethernet 1/1/8 broadcas
302 Brocade ICX 6650 Security Configuration Guide53-1002601-01Broadcast, unknown Unicast, and Multicast rate limiting
Brocade ICX 6650 Security Configuration Guide 30353-1002601-01IndexNumerics802.1x port securityaccounting, 163accounting attributes for RADIUS, 183acc
304 Brocade ICX 6650 Security Configuration Guide53-1002601-01displaying IPv6, 139displaying log entries, 107DSCP matching, 117enabling and viewing ha
Brocade ICX 6650 Security Configuration Guide 30553-1002601-01enable aaa console, 55enable port-config-password, 14enable super-user-password, 14, 36e
306 Brocade ICX 6650 Security Configuration Guide53-1002601-01denial of service (DoS)avoiding being a victim in a Smurf attack, 268avoiding being an i
Brocade ICX 6650 Security Configuration Guide 30753-1002601-01ip icmp burst-normal burst-max lockup, 269ip mtu, 159ip policy route-map, 123ip tcp burs
308 Brocade ICX 6650 Security Configuration Guide53-1002601-01overview, 211policy-based classification, 212sample application, 227source MAC address a
Brocade ICX 6650 Security Configuration Guide 30953-1002601-0155configuring an interface as the source for all packets, 56configuring command authoriz
Brocade ICX 6650 Security Configuration Guide 1353-1002601-01Passwords used to secure accessWhen TFTP is disabled, you are prohibited from using the c
310 Brocade ICX 6650 Security Configuration Guide53-1002601-01show dot1x statistics, 187show interface, 188show ip access-list, 103show ip arp inspect
Brocade ICX 6650 Security Configuration Guide 31153-1002601-01configuration, 17VVLANip access-group, 110mac-vlan-permit, 220source-guard enable, 297
312 Brocade ICX 6650 Security Configuration Guide53-1002601-01
14 Brocade ICX 6650 Security Configuration Guide53-1002601-01Passwords used to secure accessSyntax: [no] telnet server suppress-reject-messageSetting
Brocade ICX 6650 Security Configuration Guide 1553-1002601-01Passwords used to secure accessSyntax: enable read-only-password textNOTEIf you forget yo
16 Brocade ICX 6650 Security Configuration Guide53-1002601-01Passwords used to secure access• bgp-router – BGP4 router level; for example, Brocade(con
Brocade ICX 6650 Security Configuration Guide 1753-1002601-01Local user accountsFor example, to specify that the Line, Enable, and Local passwords be
18 Brocade ICX 6650 Security Configuration Guide53-1002601-01Local user accounts• Users are locked out (disabled) if they fail to login after three at
Brocade ICX 6650 Security Configuration Guide 1953-1002601-01Local user accountsThis password was used earlier for same or different user, please choo
iv Brocade ICX 6650 Security Configuration Guide53-1002601-01Passwords used to secure access . . . . . . . . . . . . . . . . . . . . . . . . . . .13Se
20 Brocade ICX 6650 Security Configuration Guide53-1002601-01Local user accountsA username set-time configuration is removed when:• The username and p
Brocade ICX 6650 Security Configuration Guide 2153-1002601-01Local user accountsExample Syntax: username name enableSetting passwords to expireYou can
22 Brocade ICX 6650 Security Configuration Guide53-1002601-01Local user accountsNOTEYou must grant Super User level privilege to at least one account
Brocade ICX 6650 Security Configuration Guide 2353-1002601-01Local user accounts• At least two special charactersNOTEYou must be logged on with Super
24 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ securityChanging a local user passwordTo change a local user password
Brocade ICX 6650 Security Configuration Guide 2553-1002601-01TACACS and TACACS+ securityTACACS+ is an enhancement to the TACACS security protocol. TAC
26 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ securitykill consoleSyntax: kill console [all | unit]• all - logs out
Brocade ICX 6650 Security Configuration Guide 2753-1002601-01TACACS and TACACS+ securityTelnet connections (inbound): 1 closed 2 closed 3
28 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ security8. The password is validated in the TACACS+ server database.9.
Brocade ICX 6650 Security Configuration Guide 2953-1002601-01TACACS and TACACS+ securityAAA operations for TACACS/TACACS+The following table lists the
Brocade ICX 6650 Security Configuration Guide v53-1002601-01Chapter 2 SSH2 and SCPSSH version 2 overview . . . . . . . . . . . . . . . . . . . . . .
30 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ securityWhen you paste commands into the running-config, and AAA comma
Brocade ICX 6650 Security Configuration Guide 3153-1002601-01TACACS and TACACS+ securityEnabling TACACSTACACS is disabled by default. To configure TAC
32 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ securityThe auth-port parameter specifies the UDP (for TACACS) or TCP
Brocade ICX 6650 Security Configuration Guide 3353-1002601-01TACACS and TACACS+ securitySetting the TACACS+ keyThe key parameter in the tacacs-server
34 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ securityConfiguring authentication-method lists forTACACS and TACACS+Y
Brocade ICX 6650 Security Configuration Guide 3553-1002601-01TACACS and TACACS+ securityNOTEFor examples of how to define authentication-method lists
36 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ security• If the next method in the authentication method list is &quo
Brocade ICX 6650 Security Configuration Guide 3753-1002601-01TACACS and TACACS+ securityTo set a user privilege level, you can configure the “foundry-
38 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ securityExample user=bob { default service = permit member admin
Brocade ICX 6650 Security Configuration Guide 3953-1002601-01TACACS and TACACS+ security• Exec Authorization• Exec Accounting• Command authorization•
vi Brocade ICX 6650 Security Configuration Guide53-1002601-01Configuring standard numbered ACLs. . . . . . . . . . . . . . . . . . . . . . . .86Standa
40 Brocade ICX 6650 Security Configuration Guide53-1002601-01TACACS and TACACS+ security• 4 – Records commands available at the Port Configuration lev
Brocade ICX 6650 Security Configuration Guide 4153-1002601-01RADIUS securityRADIUS securityYou can use a Remote Authentication Dial In User Service (R
42 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS security4. The Brocade device sends a RADIUS Access-Request packet containing the
Brocade ICX 6650 Security Configuration Guide 4353-1002601-01RADIUS security2. The Brocade device checks its configuration to see if the event is one
44 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS securityAAA security for commands pasted Into the running-configIf AAA security is
Brocade ICX 6650 Security Configuration Guide 4553-1002601-01RADIUS securityConfiguring RADIUSFollow the procedure given below to configure a Brocade
46 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS securityTABLE 8 Brocade vendor-specific attributes for RADIUSAttribute name Attrib
Brocade ICX 6650 Security Configuration Guide 4753-1002601-01RADIUS securityEnabling SNMP to configure RADIUSTo enable SNMP access to RADIUS MIB objec
48 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS securitySpecifying different servers for individual AAA functionsIn a RADIUS confi
Brocade ICX 6650 Security Configuration Guide 4953-1002601-01RADIUS security• RADIUS servers 10.10.10.105 and 10.10.10.106 will be used to authenticat
Brocade ICX 6650 Security Configuration Guide vii53-1002601-01ACL statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
50 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS securityRADIUS parametersYou can set the following parameters in a RADIUS configur
Brocade ICX 6650 Security Configuration Guide 5153-1002601-01RADIUS securitySetting the timeout parameterThe timeout parameter specifies how many seco
52 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS securityThe command above causes RADIUS to be the primary authentication method fo
Brocade ICX 6650 Security Configuration Guide 5353-1002601-01RADIUS securityEntering privileged EXEC mode after a Telnet or SSH loginBy default, a use
54 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS securityNOTEIf the aaa authorization exec default radius command exists in the con
Brocade ICX 6650 Security Configuration Guide 5553-1002601-01RADIUS securitySyntax: enable aaa consoleCAUTIONIf you have previously configured the dev
56 Brocade ICX 6650 Security Configuration Guide53-1002601-01RADIUS securityThe privilege-level parameter can be one of the following:• 0 – Records co
Brocade ICX 6650 Security Configuration Guide 5753-1002601-01RADIUS securityTABLE 10 Output of the show aaa command for RADIUSField DescriptionRadius
58 Brocade ICX 6650 Security Configuration Guide53-1002601-01Authentication-method listsAuthentication-method listsTo implement one or more authentica
Brocade ICX 6650 Security Configuration Guide 5953-1002601-01Authentication-method listsTo configure an authentication-method list for SNMP, enter a c
viii Brocade ICX 6650 Security Configuration Guide53-1002601-01Configuring adaptive rate limiting . . . . . . . . . . . . . . . . . . . . . . . . . .
60 Brocade ICX 6650 Security Configuration Guide53-1002601-01TCP Flags - edge port securityThe method1 parameter specifies the primary authentication
Brocade ICX 6650 Security Configuration Guide 6153-1002601-01TCP Flags - edge port securityExample Brocade(config-ext-nACL)# permit tcp 10.1.1.1 0.0.0
62 Brocade ICX 6650 Security Configuration Guide53-1002601-01TCP Flags - edge port security
Brocade ICX 6650 Security Configuration Guide 6353-1002601-01Chapter2SSH2 and SCPTable 12 lists SSH2 and Secure Copy features supported on Brocade ICX
64 Brocade ICX 6650 Security Configuration Guide53-1002601-01SSH version 2 overview• SSH Fingerprint Format• SSH Protocol Assigned Numbers• SSH Transp
Brocade ICX 6650 Security Configuration Guide 6553-1002601-01SSH2 authentication typesSSH2 authentication typesThe Brocade implementation of SSH2 supp
66 Brocade ICX 6650 Security Configuration Guide53-1002601-01SSH2 authentication typesNOTEIf you have generated SSH keys on the switch, you should del
Brocade ICX 6650 Security Configuration Guide 6753-1002601-01SSH2 authentication typesThe generate keyword places an RSA host key pair in the flash me
68 Brocade ICX 6650 Security Configuration Guide53-1002601-01SSH2 authentication types1. The client sends its public key to the Brocade device.2. The
Brocade ICX 6650 Security Configuration Guide 6953-1002601-01Optional SSH parametersSyntax: ip ssh pub-key-file tftp tftp-server-ip-addr filename | re
Brocade ICX 6650 Security Configuration Guide ix53-1002601-01Displaying 802.1X information. . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
70 Brocade ICX 6650 Security Configuration Guide53-1002601-01Optional SSH parameters• Whether the Brocade device allows users to log in without supply
Brocade ICX 6650 Security Configuration Guide 7153-1002601-01Optional SSH parametersEnabling empty password loginsBy default, empty password logins ar
72 Brocade ICX 6650 Security Configuration Guide53-1002601-01Filtering SSH access using ACLsBrocade(config)# ip ssh idle-time 30 Syntax: ip ssh idle-t
Brocade ICX 6650 Security Configuration Guide 7353-1002601-01Displaying SSH informationSyntax: show ip ssh [begin expression | exclude expression | in
74 Brocade ICX 6650 Security Configuration Guide53-1002601-01Displaying SSH informationDisplaying additional SSH connection informationThe show who co
Brocade ICX 6650 Security Configuration Guide 7553-1002601-01Secure copy with SSH2Secure copy with SSH2Secure Copy (SCP) uses security built into SSH
76 Brocade ICX 6650 Security Configuration Guide53-1002601-01Secure copy with SSH2Copying a file to the startup configurationTo copy the configuration
Brocade ICX 6650 Security Configuration Guide 7753-1002601-01Secure copy with SSH2NOTEThe Brocade device supports only one SCP copy session at a time.
78 Brocade ICX 6650 Security Configuration Guide53-1002601-01SSH2 clientThe scp command can be used when TFTP access is unavailable or not permitted a
Brocade ICX 6650 Security Configuration Guide 7953-1002601-01SSH2 client• “Exporting client public keys” on page 79Generating and deleting a client DS
Comments to this Manuals