R211x-HP Flexfabric 11900 Security Command Reference
Table Of Contents
- Title Page
- Contents
- AAA commands
- General AAA commands
- aaa session-limit
- accounting command
- accounting default
- accounting lan-access
- accounting login
- authentication default
- authentication lan-access
- authentication login
- authentication super
- authorization command
- authorization default
- authorization lan-access
- authorization login
- authorization-attribute (ISP domain view)
- display domain
- domain
- domain default enable
- state (ISP domain view)
- Local user commands
- RADIUS commands
- accounting-on enable
- data-flow-format (RADIUS scheme view)
- display radius scheme
- display radius statistics
- key (RADIUS scheme view)
- nas-ip (RADIUS scheme view)
- primary accounting (RADIUS scheme view)
- primary authentication (RADIUS scheme view)
- radius nas-ip
- radius session-control enable
- radius scheme
- reset radius statistics
- retry
- retry realtime-accounting
- secondary accounting (RADIUS scheme view)
- secondary authentication (RADIUS scheme view)
- security-policy-server
- snmp-agent trap enable radius
- state primary
- state secondary
- timer quiet (RADIUS scheme view)
- timer realtime-accounting (RADIUS scheme view)
- timer response-timeout (RADIUS scheme view)
- user-name-format (RADIUS scheme view)
- vpn-instance (RADIUS scheme view)
- HWTACACS commands
- data-flow-format (HWTACACS scheme view)
- display hwtacacs scheme
- hwtacacs nas-ip
- hwtacacs scheme
- key (HWTACACS scheme view)
- nas-ip (HWTACACS scheme view)
- primary accounting (HWTACACS scheme view)
- primary authentication (HWTACACS scheme view)
- primary authorization
- reset hwtacacs statistics
- secondary accounting (HWTACACS scheme view)
- secondary authentication (HWTACACS scheme view)
- secondary authorization
- timer quiet (HWTACACS scheme view)
- timer realtime-accounting (HWTACACS scheme view)
- timer response-timeout (HWTACACS scheme view)
- user-name-format (HWTACACS scheme view)
- vpn-instance (HWTACACS scheme view)
- LDAP commands
- General AAA commands
- 802.1X commands
- MAC authentication commands
- Port security commands
- display port-security
- display port-security mac-address block
- display port-security mac-address security
- port-security authorization ignore
- port-security enable
- port-security intrusion-mode
- port-security mac-address security
- port-security mac-move permit
- port-security max-mac-count
- port-security ntk-mode
- port-security oui
- port-security port-mode
- port-security timer autolearn aging
- port-security timer disableport
- Password control commands
- display password-control
- display password-control blacklist
- password-control { aging | composition | history | length } enable
- password-control aging
- password-control alert-before-expire
- password-control complexity
- password-control composition
- password-control enable
- password-control expired-user-login
- password-control history
- password-control length
- password-control login idle-time
- password-control login-attempt
- password-control super aging
- password-control super composition
- password-control super length
- password-control update-interval
- reset password-control blacklist
- reset password-control history-record
- Public key management commands
- IPsec commands
- ah authentication-algorithm
- description
- display ipsec { ipv6-policy | policy }
- display ipsec sa
- display ipsec statistics
- display ipsec transform-set
- display ipsec tunnel
- encapsulation-mode
- esp authentication-algorithm
- esp encryption-algorithm
- ike-profile
- ipsec anti-replay check
- ipsec anti-replay window
- ipsec apply
- ipsec decrypt-check enable
- ipsec logging packet enable
- ipsec df-bit
- ipsec global-df-bit
- ipsec { ipv6-policy | policy }
- ipsec { ipv6-policy | policy } local-address
- ipsec sa global-duration
- ipsec sa idle-time
- ipsec transform-set
- local-address
- pfs
- protocol
- qos pre-classify
- remote-address
- reset ipsec sa
- reset ipsec statistics
- sa duration
- sa hex-key authentication
- sa hex-key encryption
- sa idle-time
- sa spi
- sa string-key
- security acl
- snmp-agent trap enable ipsec
- transform-set
- IKE commands
- authentication-algorithm
- authentication-method
- dh
- display ike proposal
- display ike sa
- dpd
- encryption-algorithm
- exchange-mode
- ike dpd
- ike identity
- ike invalid-spi-recovery enable
- ike keepalive interval
- ike keepalive timeout
- ike keychain
- ike limit
- ike nat-keepalive
- ike profile
- ike proposal
- inside-vpn
- keychain
- local-identity
- match local address (IKE keychain view)
- match local address (IKE profile view)
- match remote
- pre-shared-key
- priority (IKE keychain view)
- priority (IKE profile view)
- proposal
- reset ike sa
- reset ike statistics
- sa duration
- snmp-agent trap enable ike
- SSH commands
- SSH server commands
- display ssh server
- display ssh user-information
- sftp server enable
- sftp server idle-timeout
- ssh server acl
- ssh server authentication-retries
- ssh server authentication-timeout
- ssh server compatible-ssh1x enable
- ssh server dscp
- ssh server enable
- ssh server ipv6 acl
- ssh server ipv6 dscp
- ssh server rekey-interval
- ssh user
- SSH client commands
- SSH server commands
- IP source guard commands
- ARP attack protection commands
- Unresolvable IP attack protection commands
- ARP packet rate limit commands
- Source MAC-based ARP attack detection commands
- ARP packet source MAC consistency check commands
- ARP active acknowledgement commands
- Authorized ARP commands
- ARP detection commands
- ARP automatic scanning and fixed ARP commands
- ARP gateway protection commands
- ARP filtering commands
- uRPF commands
- Crypto engine commands
- FIPS commands
- Support and other resources
- Index
ii
security-policy-server ············································································································································· 54
snmp-agent trap enable radius ···························································································································· 55
state primary ·························································································································································· 56
state secondary ······················································································································································ 57
timer quiet (RADIUS scheme view) ······················································································································ 58
timer realtime-accounting (RADIUS scheme view) ····························································································· 59
timer response-timeout (RADIUS scheme view) ·································································································· 60
user-name-format (RADIUS scheme view) ··········································································································· 60
vpn-instance (RADIUS scheme view) ··················································································································· 61
HWTACACS commands ··············································································································································· 62
data-flow-format (HWTACACS scheme view) ···································································································· 62
display hwtacacs scheme ····································································································································· 63
hwtacacs nas-ip ····················································································································································· 65
hwtacacs scheme··················································································································································· 66
key (HWTACACS scheme view) ·························································································································· 67
nas-ip (HWTACACS scheme view) ····················································································································· 68
primary accounting (HWTACACS scheme view) ······························································································ 69
primary authentication (HWTACACS scheme view) ························································································· 70
primary authorization ··········································································································································· 72
reset hwtacacs statistics ········································································································································ 73
secondary accounting (HWTACACS scheme view) ·························································································· 74
secondary authentication (HWTACACS scheme view) ····················································································· 76
secondary authorization ······································································································································· 77
timer quiet (HWTACACS scheme view) ············································································································· 79
timer realtime-accounting (HWTACACS scheme view) ····················································································· 80
timer response-timeout (HWTACACS scheme view) ························································································· 81
user-name-format (HWTACACS scheme view) ·································································································· 81
vpn-instance (HWTACACS scheme view) ·········································································································· 82
LDAP commands ····························································································································································· 83
authentication-server ············································································································································· 83
display ldap scheme ············································································································································· 84
ip ············································································································································································· 85
ipv6 ········································································································································································· 86
ldap scheme ··························································································································································· 87
ldap server ····························································································································································· 88
login-dn ··································································································································································· 88
login-password ······················································································································································ 89
protocol-version ····················································································································································· 90
search-base-dn ······················································································································································· 91
search-scope ·························································································································································· 91
server-timeout ························································································································································· 92
user-parameters ····················································································································································· 93
802.1X commands ···················································································································································· 95
display dot1x ························································································································································· 95
dot1x ······································································································································································· 97
dot1x authentication-method ································································································································ 98
dot1x handshake ··················································································································································· 99
dot1x mandatory-domain ··································································································································· 100
dot1x max-user ···················································································································································· 101
dot1x multicast-trigger ········································································································································· 101
dot1x port-control ················································································································································ 102
dot1x port-method ··············································································································································· 103
dot1x quiet-period ··············································································································································· 104
dot1x re-authenticate ·········································································································································· 104