How it Works
Brocade Communications Systems
Loading...
PowerConnect B-FCXs
Release Note
55 pgs1.14 Mb0

Brocade Communications Systems PowerConnect B-FCXs, IronWare Release Note

Summary of Changes
Publication Date
IronWare Software Release
07.2.00a for Brocade FESX, FSX, SX, FCX, FGS, FGS-STK, FLS, FLS-STK, and FWS Switches Release Notes v1.0
New document
November 2010
IronWare Software Release R07.2.00a for Brocade FESX, FSX, SX, FCX, FGS, FGS­STK, FLS, FLS-STK, and FWS Switches
Release Notes v1.0
November 15, 2010
Document History
Copyright © 2010 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron,
SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.
Notice: The information in this document is provided “AS IS,” without warranty of any kind, including, without limitation, any implied warranty of merchantability, noninfringement or fitness for a particular purpose. Disclosure of information in this material in no way grants a recipient any rights under Brocade's patents, copyrights, trade secrets or other intellectual property rights. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
Notice: The product described by this document may contain “open source” software covered by the GNU General Public License
or other open source license agreements. To find-out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
Export of technical data contained in this document may require an export license from the United States Government.
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 2 of 55
Contents
Supported devices .........................................................................................................5
Summary of enhancements .......................................................................................5
Summary of enhancements in R07.2.00a ................................................................................................. 5
Summary of enhancements in FSX R07.2.00 ........................................................................................... 5
Summary of enhancements in FCX R07.2.00 ........................................................................................... 8
Summary of enhancements in FGS R07.2.00 ........................................................................................... 9
CLI differences in IronWare release R07.2.00a....................................................................................10
Configuration notes and feature limitations .........................................................................................10
New limit for IPv4 system-max ip-cache .................................................................................................................. 10
IronView Network Manager (INM) limitation ....................................................................................................... 11
ACL Statistics on FGS, FLS, and FWS devices.......................................................................................................... 11
IGMP Snooping feature limitation on FESX, FSX, and SX devices ................................................................ 11
Show interface brief command output ...................................................................................................................... 11
ICMP redirect messages .................................................................................................................................................... 11
Enabling and Disabling DHCP-client service on FSX Base Layer 3 devices ............................................ 11
Note regarding Telnet and Internet Explorer 7 .................................................................................................... 12
Note regarding US-Cert advisory 120541 ............................................................................................................... 13
Feature support .......................................................................................................... 14
Supported management features ..............................................................................................................14
Supported security features ........................................................................................................................16
Supported system-level features ...............................................................................................................18
Supported Layer 2 features .........................................................................................................................22
Supported base Layer 3 features ...............................................................................................................25
Supported edge Layer 3 features...............................................................................................................25
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 3 of 55
Supported full Layer 3 features .................................................................................................................27
Supported IPv6 management features ....................................................................................................29
Unsupported features....................................................................................................................................30
Software image files for IronWare release R07.2.00a ................................... 32
Factory pre-loaded software .......................................................................................................................32
Upgrading the software ............................................................................................ 33
Important notes about upgrading or downgrading the software .................................................33
Upgrading the software to the new release ...........................................................................................34
Upgrading the boot code ................................................................................................................................................... 34
Upgrading the flash code .................................................................................................................................................. 35
Confirming software versions (IronStack devices) ............................................................................................ 36
Technical support ...................................................................................................... 37
Getting help or reporting errors ........................................................................... 37
Web access .........................................................................................................................................................37
E-mail and telephone access .......................................................................................................................37
Additional resources ................................................................................................. 37
Defects ............................................................................................................................ 39
Customer reported defects closed with code in Release R07.2.00a .............................................39
Customer reported defects closed with code in Release R07.2.00................................................41
Customer reported defects closed without code in Release R07.2.00 .........................................49
Open defects in Release R07.2.00 .............................................................................................................49
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 4 of 55
Supported devices
Feature
Description
Refer to the FastIron Configuration Guide, section entitled...
New hardware - SX-FI48GPP interface module with 2:1 oversubscription and PoE+ support
48-port 10/100/1000 Mbps (RJ45) Ethernet POE interface module
Refer to the Brocade FastIron X
Series Chassis Hardware Installation Guide
POE+ support on the SX­FI48GPP interface module
The SX-FI48GPP interface module supports Power over Ethernet (POE) and Power over Ethernet Plus (POE+), compliant with the standards described in the IEEE 802.3af and
802.3at specifications for delivering in-line power.
Configuring Power Over Ethernet
This software release applies to the following Brocade FastIron switches:
FastIron X Series:
FastIron Edge Switch X Series (FESX) FastIron Edge Switch X Series Expanded (FESXE) FastIron SuperX Switch (FSX) FastIron SX 800, 1600, and 1600-ANR
FastIron GS (FGS) and FastIron LS (FLS) FastIron GS-STK (FGS-STK) and FastIron LS-STK (FLS-STK) FastIron CX (FCX) FastIron WS (FWS)
Summary of enhancements
This section lists the enhancements in software release 07.2.00 and later.
Summary of enhancements in R07.2.00a
There are no enhancements in release 07.2.00a. Release 07.2.00a contains software fixes; however, software release 07.2.00a has a different Interprocessor Communications (IPC ) version for FCX, FGS­STK, and FLS-STK. Refer to the section “Upgrading the software” on page 33 for details.
Summary of enhancements in FSX R07.2.00
Table 1 lists the enhancements in software release 07.2.00 for FESX, FSX, and SX devices.
Table 1 Enhancements in FSX R07.2.00
IronWare Software Release 07.2.00a for Brocade FastIron switches
Release Notes v 1.0 Page 5 of 55
Feature
Description
Refer to the FastIron Configuration Guide, section entitled...
Hitless management:
Layer 2 and Layer 3
Hitless failover
Layer 3 Hitless OS upgrade
This release adds support for Layer 2 and Layer 3 hitless failover as well as Layer 3 hitless OS upgrade. Releases prior to 07.2.00a support Layer 2 hitless OS upgrade only. These high-availability features enable the standby management module to take over the active role with no loss of data traffic during a software failure, hardware failure, or operating system upgrade.
Hitless management on the FSX 800 and FSX 1600 OSPF graceful restart
OSPF graceful restart is a high-availability routing feature that minimizes disruption in traffic forwarding, diminishes route flapping, and provides continuous service during a system restart, switchover, failover, or hitless OS upgrade. During such events, routes remain available between devices.
OSPF graceful restart
BGP4 graceful restart
BGP4 graceful restart is a high-availability routing feature that minimizes disruption in traffic forwarding, diminishes route flapping, and provides continuous service during a system restart, switchover, failover, or hitless OS upgrade. During such events, routes remain available between devices.
BGP4 graceful restart
DHCP Server support in the Layer 2 and full Layer 3 software image
FastIron devices can be configured to operate as a DHCP server. A DHCP server allocates IP addresses for specified periods of time (known as leases) and manages the IP address pools and the binding (leased addresses) database.
DHCP Server
DHCP Client-Based Auto­update
Enables Layer 2 and base Layer 3 devices to automatically obtain leased IP addresses through a DHCP server, negotiate address lease renewal, and obtain flash image and configuration files.
DHCP Client-Based Auto­Configuration and Flash image update
DHCP Server with IP helper
DHCP server and IP helper address are supported together on the same port.
DHCP Server and Configuring an IP helper address
Ability to disable DHCP Server on the management port
You can configure the DHCP Server to silently discard DHCP client requests received on the management port.
Disabling DHCP Server on the management port
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 6 of 55
Feature
Description
Refer to the FastIron Configuration Guide, section entitled...
QoS for the SX-FI48GPP module
The SX-FI48GPP module supports QoS for packets in an oversubscribed environment. QoS configuration and functionality is different on the SX-FI48GPP compared to other interface modules.
Configuring Quality of Service
Buffer profiles on the SX­FI48GPP module
To increase or decrease the queue depth limits for a port on the SX-FI48GPP module, you must configure a buffer profile that defines the queue depth limits, and apply the buffer profile to the port.
Dynamic buffer allocation for QoS priorities for FastIron X Series devices
IGMP snooping querier enhancement
You can use the show ip multicast vlan command to display the querier information for a VLAN. This command displays the VLAN interface status and if there is any other querier present with the lowest IP address.
Displaying querier information
Flexible VE numbering
When configuring virtual routing interfaces on a device, you can now specify a number from 1 through 4095. However, the total number of virtual routing interfaces that are configured must not exceed the system-max limit of 512.
Assigning an IP address to a virtual interface
New SNMP MIBs
SNMP MIB support has been added for the following features:
Dynamic ARP Inspection DHCP snooping IP Source Guard EMCP
IronWare MIB Reference Guide
IronWare Software Release 07.2.00a for Brocade FastIron switches
Release Notes v 1.0 Page 7 of 55
Summary of enhancements in FCX R07.2.00
Feature
Description
See the FastIron Configuration Guide, section entitled...
Hitless stacking:
Layer 2 and Layer 3
Hitless switchover
Layer 2 and Layer 3
Hitless failover
Hitless stacking is a high-availability feature set that enables the Standby Controller to take over the active role with sub-second or no loss of data traffic during a hardware or software failure.
FCX hitless stacking
OSPF graceful restart
OSPF graceful restart is a high-availability routing feature that minimizes disruption in traffic forwarding, diminishes route flapping, and provides continuous service during a system restart, switchover, or failover. During such events, routes remain available between devices.
OSPF graceful restart
BGP4 graceful restart
BGP4 graceful restart is a high-availability routing feature that minimizes disruption in traffic forwarding, diminishes route flapping, and provides continuous service during a system restart, switchover, or failover. During such events, routes remain available between devices.
BGP4 graceful restart
Private VLANs on tagged ports
For FCX devices only, this release supports private VLANs on tagged ports. Previous releases support private VLANs on untagged ports only.
Configuring private VLAN
IGMP snooping querier enhancement
You can use the show ip multicast vlan command to display the querier information for a VLAN. This command displays the VLAN interface status and if there is any other querier present with the lowest IP address.
Displaying querier information
Flexible VE numbering
When configuring virtual routing interfaces on a device, you can now specify a number from 1 through 4095. However, the total number of virtual routing interfaces that are configured must not exceed the system-max limit of 512.
Assigning an IP address to a virtual interface
Table 2 lists the enhancements in software release 07.2.00 for FCX devices.
Table 2 Enhancements in FCX R07.2.00
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 8 of 55
Feature
Description
See the FastIron Configuration Guide, section entitled...
DHCP Server with IP helper
DHCP server and IP helper address are supported together on the same port.
DHCP Server and Configuring an IP helper address
Ability to disable DHCP Server on the management port
You can configure the DHCP Server to silently discard DHCP client requests received on the management port.
Disabling DHCP Server on the management port
New SNMP MIBs
SNMP MIB support has been added for the following features:
Dynamic ARP Inspection DHCP snooping IP Source Guard EMCP
IronWare MIB Reference Guide
Feature
Description
See the FastIron Configuration Guide, section entitled...
IGMP snooping querier enhancement
You can use the show ip multicast vlan command to display the querier information for a VLAN. This command displays the VLAN interface status and if there is any other querier present with the lowest IP address.
Displaying querier information
Flexible VE numbering
When configuring virtual routing interfaces on a device, you can now specify a number from 1 through 4095. However, the total number of virtual routing interfaces that are configured must not exceed the system-max limit of 512.
Assigning an IP address to a virtual interface DHCP Server with IP helper
DHCP server and IP helper address are supported together on the same port.
DHCP Server and Configuring an IP helper address
Summary of enhancements in FGS R07.2.00
Table 3 lists the enhancements in software release 07.2.00 for FGS, FGS-STK, FLS, FLS-STK, and FWS devices.
Table 3 Enhancements in FGS R07.2.00
IronWare Software Release 07.2.00a for Brocade FastIron switches
Release Notes v 1.0 Page 9 of 55
Feature
Description
See the FastIron Configuration Guide, section entitled...
New SNMP MIBs
SNMP MIB support has been added for the following features:
Dynamic ARP Inspection DHCP snooping IP Source Guard EMCP
IronWare MIB Reference Guide
CLI differences in IronWare release R07.2.00a
The FastIron Configuration Guide and the section Configuration notes and feature limitations in these release notes describe the CLI differences in IronWare release 07.2.00a compared with earlier releases. No CLI commands have been deprecated for this release.
Configuration notes and feature limitations
This section contains configuration notes and describes some feature limitations in this release.
48-port 10/100/1000 Mbps Ethernet POE (SX-FI48GPP) interface module limitations
The following configuration limitations apply to this module:
Q-in-Q and SAV (VLAN stacking) are not supported on this module. For systems with this module and IPv4 or IPv6 interface modules or management modules with user
ports:
GRE tunnels and IPv6 over IPv4 tunnels are not supported.
NOTE: If the SX-FI48GPP module is inadvertently inserted in a system that has IPv4 or IPv6 interface modules, or a management module with user ports, existing tunnels will be taken down immediately. To recover, you must physically remove the module that caused the mix-and-match condition, then disable and re-enable the tunnel interfaces.
Legacy ports and 48 Gbps copper ports cannot be members of the same trunk.
Virtual cable testing (CLI command phy cable-diag tdr) is not supported on the SX-FI48GPP module
in software release 07.2.00.
New limit for IPv4 system-max ip-cache
Starting in software release 07.2.00, for FCX and FastIron X Series devices, the maximum value for system-max ip-cache (IPv4) is reduced from 256000 to 32768. When you upgrade to release 07.2.00 and if your configuration has an ip-cache value greater than 32768, it will be automatically reduced to
32768.
IronWare Software Release 07.2.00a for Brocade FastIron switches
Release Notes v 1.0 Page 10 of 55
IronView Network Manager (INM) limitation
INM version 3.3.01 and later does not support download of the 07.2.00 router images (SXL07200.bin and SXR07200.bin). Also, with INM version 03.3.01 and later, it will take approximately six minutes to upload the Layer 2 switch image (SXS07200.bin) from the FastIron switch to a TFTP server.
ACL Statistics on FGS, FLS, and FWS devices
The FGS, FLS, and FWS do not support the use of traffic policies for ACL statistics only (CLI command traffic-policy <TPD name> count). However, these models do support the use of traffic policies for ACL
statistics together with rate limiting traffic policies. For more information, refer to “Enabling ACL statistics with rate limiting traffic policies” in the FastIron Configuration Guide.
IGMP Snooping feature limitation on FESX, FSX, and SX devices
High CPU utilization will occur when IGMP Snooping and PIM/DVMRP routing are enabled simultaneously on a FESX, FSX, or SX router. With IGMP Snooping and PIM/DVMRP Routing enabled simultaneously on a given system, IP Multicast data packets received in the snooping VLAN(s) will be forwarded to client ports via the hardware; however, copies of these packets will also be received and dropped by the CPU.
Show interface brief command output
If a port name is longer than 5 characters, the port name will be truncated in the output of the show interface brief command.
ICMP redirect messages
In software release 07.2.00, ICMP redirect messages are disabled by default, whereas in prior releases, ICMP redirect messages are enabled by default.
If ICMP redirect messages were enabled prior to upgrading to release 07.2.00, you will need to re-
enable this feature after upgrading to 07.2.00. To do so, enter the ip icmp redirect command at the global CONFIG level of the CLI.
If ICMP redirect messages were disabled prior to upgrading to release 07.2.00, the configuration (no
ip icmp redirect) will be removed from the configuration file after upgrading to 07.2.00, since this
feature is now disabled by default. In this case, ICMP redirect messages will not be sent and no further action is required.
Enabling and Disabling DHCP-client service on FSX Base Layer 3 devices
By default, DHCP-client service is enabled. If the DHCP-Server is connected to an interface on a FSX Base L3 device, the interface is assigned a leased IP address. To disable DHCP-client service on an interface on a FSX Base L3 device, and assign a new IP address, enter the following commands.
Note: In release 07.2.00, the DHCP-client service feature can only be enabled or disabled on a FSX Base L3 device by performing the following steps.
1. Remove the dynamic IP address assigned to the interface. For example, enter a command such
as the following.
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 11 of 55
FastIron(config-if-e1000-3/1)# no ip address 10.10.10.10/24
Syntax: no ip address <ip-address>
2. Assign a new IP address to the interface. For example, enter a command such as the following.
FastIron(config-if-e1000-3/1)# ip address 10.10.2.1/24
Syntax: ip address <ip-address>
3. To save the configuration, enter the write memory command on the CLI as displayed in the
following example.
FastIron(config)# write memory
FastIron(config)# end
4. Reload the FSX Base L3 device by entering the following command:
FastIron# reload
The DHCP-client service feature is now removed from the interface.
To enable DHCP-client service on an interface on a FSX Base L3 device when a static IP address is assigned to the interface, enter the following commands.
1. Remove the static IP address assigned to the interface. For example, enter a command such as
the following.
FastIron(config-if-e1000-3/1)# no ip address 10.10.10.10/24
Syntax: no ip address <ip-address>
2. To save the configuration, enter the write memory command on the CLI as displayed in the
following example.
FastIron(config)# write memory
FastIron(config)# end
3. Reload the FSX Base L3 device by entering the following command:
FastIron# reload
Once the device has reloaded, the DHCP-client service will start up and a new dynamic IP address is assigned to the interface. The DHCP-client service feature is now enabled on the interface.
Note regarding Telnet and Internet Explorer 7
The Telnet function in Web management does not work with Internet Explorer version 7.0.5730. The system goes to "telnet://10.43.43.145" page when the user clicks web/general system configuration/ (telnet) in Internet Explorer version 7.0.5730. This is a known issue for Internet Explorer. To work around this issue, you must download and install a patch for IE 7. To do so, go to
http://www.lib.ttu.edu.tw/file/IE7_telnet.reg.
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 12 of 55
Note regarding US-Cert advisory 120541
In order to address the SSL and TLS vulnerability issue discussed in US-Cert advisory 120541, the Web server re-negotiation feature has been disabled in this release so that SSL re-negotiation requests will not be honored by the Brocade IP device Web server.
Based on Cert advisory 120541, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are vulnerable to Man-In-The-Middle (MITM) attacks. Vulnerability is in the way SSL and TLS protocols allow re-negotiation requests, which may allow a MITM to inject arbitrary requests into an application HTTP protocol stream. This could result in a situation where the MITM may be able to harm the Brocade IP device through the Web Management interface.
For more information regarding Cert advisory 120541, refer to the following links:
http://extendedsubset.com/?p=8 http://www.links.org/?p=780 http://www.links.org/?p=786 http://www.links.org/?p=789 http://blogs.iss.net/archive/sslmitmiscsrf.html http://www.ietf.org/mail-archive/web/tls/current/msg03948.html https://bugzilla.redhat.com/show_bug.cgi?id=533125 http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html http://cvs.openssl.org/chngview?cn=18790 http://www.links.org/files/no-renegotiation-2.patch http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 13 of 55
Feature support
Category and description
FESX FSX FSX 800 FSX 1600
FGS FLS
FGS-STK FLS-STK
FWS
FCX
802.1X accounting
Yes
Yes
Yes
Yes
Yes
AAA support for console commands
Yes
No
No
No
Yes
Access Control Lists (ACLs) for controlling management access
Yes
Yes
Yes
Yes
Yes Alias command
Yes
Yes
Yes
Yes
Yes
Combined DSCP and internal marking in one ACL rule
Yes
No
No
No
No
Single source address for the following packet types:
Telnet TFTP Syslog SNTP TACACS/TACACS+ RADIUS SSH SNMP
Yes
No
No
No
No
DHCP client-based auto-configuration
No
Yes
Yes
Yes
Yes
DHCP server
Yes
Yes
Yes
Yes
Yes
Disabling TFTP access
Yes
No
No
No
Yes
These release notes include a list of supported features in IronWare software for the FastIron devices supported in this release. For more information about supported features, refer to the manuals listed in Additional resources.
Supported management features
Table 4 lists the supported management features. These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images.
Table 4 Supported management features
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 14 of 55
Category and description
FESX FSX FSX 800 FSX 1600
FGS FLS
FGS-STK FLS-STK
FWS
FCX
Hitless management:
Hitless switchover Hitless failover Hitless OS upgrade
Yes (FSX 800 and FSX 1600 only)
No
No
No
See next line item
Hitless stacking management:
Hitless stacking switchover Hitless stacking failover
No
No
No
No
Yes IronView Network Manager (optional
standalone and HP OpenView GUI)
Yes
Yes
Yes
Yes
Yes Remote monitoring (RMON)
Yes
Yes
Yes
Yes
Yes
Retaining Syslog messages after a soft reboot
Yes
Yes
Yes
Yes
Yes sFlow support for IPv6 packets
Yes
Yes
Yes
Yes
Yes
sFlow version 2
Yes
Yes
Yes
Yes
Yes
sFlow version 5 (default)
Yes
Yes
Yes
Yes
Yes
Industry-standard Command Line Interface (CLI), including support for:
Serial and Telnet access Alias command On-line help Command completion Scroll control Line editing Searching and filtering output Special characters
Yes
Yes
Yes
Yes
Yes
Show log on all terminals
Yes
Yes
Yes
Yes
Yes
SNMP v1, v2, v3
Yes
Yes
Yes
Yes
Yes
SNMP V3 traps
Yes
Yes
Yes
Yes
Yes
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 15 of 55
Category and description
FESX FSX FSX 800 FSX 1600
FGS FLS
FGS-STK FLS-STK
FWS
FCX
Specifying the maximum number of entries allowed in the RMON Control Table
Yes
No
No
No
Yes Specifying which IP address will be included in a DHCP/BOOTP reply packet
Yes
No
No
No
Yes Traffic counters for outbound traffic
Yes
No
No
No
No
Web-based GUI
Yes
Yes
Yes
Yes
Yes
Web-based management HTTPS/SSL
Yes
Yes
Yes
Yes
Yes
Category and description
FESX FSX FSX 800 FSX 1600
FGS FLS
FGS-STK FLS-STK
FWS
FCX
802.1X port security
Yes
Yes
Yes
Yes
Yes
802.1X authentication RADIUS timeout action
Yes
Yes
Yes
Yes
Yes
802.1X dynamic assignment for ACL, MAC filter, and VLAN
Yes
Yes
Yes
Yes
Yes
Access Control Lists (ACLs) for filtering transit traffic
Support for inbound ACLs only.
Outbound ACLs are not supported.
Yes
Yes
Yes
Yes
Yes
Address locking (for MAC addresses)
Yes
Yes
Yes
Yes
Yes
AES Encryption for SNMP v3
Yes
Yes
Yes
Yes
Yes
AES Encryption for SSH v2
Yes
Yes
Yes
Yes
Yes
Supported security features
Table 5 lists the supported security features. These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images.
Table 5 Supported security features
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 16 of 55
Category and description
FESX FSX FSX 800 FSX 1600
FGS FLS
FGS-STK FLS-STK
FWS
FCX
Authentication, Authorization and Accounting (AAA):
RADIUS TACACS/TACACS+
Yes
Yes
Yes
Yes
Yes Denial of Service (DoS) attack protection:
Smurf (ICMP) attacks TCP SYN attacks
Yes
Yes
Yes
Yes
Yes
DHCP Snooping
Yes
Yes
Yes
Yes
Yes
Dynamic ARP Inspection
Yes
Yes
Yes
Yes
Yes
EAP Pass-through Support
Yes
Yes
Yes
Yes
Yes
HTTPS
Yes
Yes
Yes
Yes
Yes
IP Source Guard
Yes
Yes
Yes
Yes
Yes
Local passwords
Yes
Yes
Yes
Yes
Yes
MAC address filter override of 802.1X
Yes
Yes
Yes
Yes
Yes
MAC address filtering (filtering on source and destination MAC addresses)
Yes
Yes
Yes
Yes
Yes Ability to disable MAC learning
Yes
Yes
Yes
Yes
Yes
Flow-based MAC address learning
Yes
No
No
No
Yes
MAC port security
Yes
Yes
Yes
Yes
Yes
Multi-device port authentication
Yes
Yes
Yes
Yes
Yes
Support for Multi-Device Port Authentication together with:
Dynamic VLAN assignment
Yes
Yes
Yes
Yes
Yes
Dynamic ACLs
Yes
Yes
Yes
Yes
Yes
802.1X
Yes
Yes
Yes
Yes
Yes
Dynamic ARP inspection with
dynamic ACLs
Yes
No
No
No
No
IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 17 of 55
Loading...
+ 38 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use