Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
The method1 parameter specifies the primary authentication method. The remaining optional 
method parameters specify additional methods to try if an error occurs with the primary method. A 
method can be one of the values listed in the Method Parameter column in the following table.   
TCP Flags - edge port security
The edge port security feature works in combination with IP ACL rules and supports all six TCP flags 
present at offset 13 of the TCP header:
+|- urg = Urgent
+|- ack = Acknowledge
+|- psh = Push
+|- rst = Reset
+|- syn = Synchronize
+|- fin = Finish 
TCP flags can be combined with other ACL functions (such as dscp-marking and traffic policies), 
giving you greater flexibility when designing ACLs.
The TCP flags feature offers two options, match-all and match-any:
Match-any - Indicates that incoming TCP traffic must be matched against any of the TCP flags 
configured as part of the match-any ACL rule. In CAM hardware, the number of ACL rules will 
match the number of configured flags.
Match-all - Indicates that incoming TCP traffic must be matched against all of the TCP flags 
configured as part of the match-all ACL rule. In CAM hardware, there will be only one ACL rule 
for all configured flags. 
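The match-any and match-all behavior described above, shown as an added Python example (not taken from the Brocade guide and not the switch's implementation). It assumes that "+" means the flag must be set and "-" means it must be clear; the function names and the sample headers are constructed for illustration.

```python
import struct

# Bit values of the six flags in the byte at offset 13 of the TCP header.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

def parse_spec(spec):
    """Turn a string such as '+syn -ack' into [(bit, must_be_set), ...]."""
    terms = []
    for token in spec.split():
        sign, name = token[0], token[1:].lower()
        if sign not in "+-" or name not in FLAG_BITS:
            raise ValueError(f"bad flag term: {token!r}")
        terms.append((FLAG_BITS[name], sign == "+"))  # assumption: '+' = set, '-' = clear
    if not terms:
        raise ValueError("empty flag specification")
    return terms

def matches(tcp_header, mode, spec):
    """Evaluate a match-all or match-any flag rule against a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    flags = tcp_header[13] & 0x3F  # keep only the six flags listed above
    results = [bool(flags & bit) == want for bit, want in parse_spec(spec)]
    if mode == "match-all":
        return all(results)
    if mode == "match-any":
        return any(results)
    raise ValueError(f"unknown mode: {mode!r}")

def cam_rules(mode, spec):
    """Rule count as the text states: one per flag for match-any, one for match-all."""
    if mode not in ("match-any", "match-all"):
        raise ValueError(f"unknown mode: {mode!r}")
    n = len(parse_spec(spec))
    return n if mode == "match-any" else 1

def make_header(flags):
    """Constructed sample: a minimal 20-byte TCP header carrying the given flag byte."""
    return struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, flags, 8192, 0, 0)

SYN = make_header(0x02)          # constructed: syn only
SYN_ACK = make_header(0x12)      # constructed: syn and ack
FIN_PSH_URG = make_header(0x29)  # constructed: fin, psh and urg together
```

The same "+syn -ack" rule gives different results for a syn+ack segment depending on the mode, which is the distinction to check when reviewing an ACL that uses TCP flags.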
TABLE 11 Authentication method values
Method parameter - Description
line - Authenticate using the password you configured for Telnet access. The Telnet password is configured using the enable telnet password… command. Refer to
enable - Authenticate using the password you configured for the Super User privilege level. This password is configured using the enable super-user-password… command. Refer to
local - Authenticate using a local user name and password you configured on the device. Local user names and passwords are configured using the username… command. Refer to
tacacs - Authenticate using the database on a TACACS server. You also must identify the server to the device using the tacacs-server command.
tacacs+ - Authenticate using the database on a TACACS+ server. You also must identify the server to the device using the tacacs-server command.
radius - Authenticate using the database on a RADIUS server. You also must identify the server to the device using the radius-server command. Refer to
none - Do not use any authentication method. The device automatically permits access.