Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
Brocade ICX 6650 Security Configuration Guide
1
53-1002601-01
Chapter
1
Security Access
lists the security access features supported on Brocade ICX 6650. These features are
supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images, except
where explicitly noted.
where explicitly noted.
This chapter explains how to secure access to management functions on a Brocade device.
NOTE
For the Brocade ICX 6650, RADIUS Challenge is supported for 802.1x authentication but not for
login authentication. Also, multiple challenges are supported for TACACS+ login authentication.
login authentication. Also, multiple challenges are supported for TACACS+ login authentication.
Securing access methods
The following table lists the management access methods available on a Brocade device, how they
are secured by default, and the ways in which they can be secured.
are secured by default, and the ways in which they can be secured.
TABLE 1
Supported security access features
Feature
Brocade ICX 6650
Authentication, Authorization and
Accounting (AAA):
Accounting (AAA):
•
RADIUS
•
TACACS/TACACS+
Yes
AAA support for console commands
Yes
Restricting remote access to management
functions
functions
Yes
Disabling TFTP access
Yes
Using ACLs to restrict remote access
Yes
Local user accounts
Yes
Local user passwords
Yes
AAA authentication-method lists
Yes
Packet filtering on TCP flags
Yes
TABLE 2
Ways to secure management access to Brocade devices
Access method
How the access
method is secured
by default
method is secured
by default
Ways to secure the access method
Serial access to the CLI
Not secured
Establish passwords for management privilege levels