R211x-HP Flexfabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

264

displaying, 160

DPD configuration, 158

FI

PS compliance, 152

global i

dentity information configuration, 157

i

dentity authentication, 151

in

valid SPI recovery, 159

I

Psec IKE-based tunnel for IPv4 packets

configuration, 147

I

Psec negotiation mode, 129

I

Psec policy configuration (IKE-based), 137

IP

sec SA, 129

I

Psec tunnel establishment, 131

k

eepalive function configuration, 157

k

eychain configuration, 156

main

taining, 160

N

AT keepalive function configuration, 158

negoti

ation, 150

negoti

ation failure (no proposal or keychain

referenced correctly), 16 4

negoti

ation failure troubleshooting (no proposal

match), 16 4

PF

S, 152

pr

ofile configuration, 153

pr

oposal configuration, 155

pr

otocols and standards, 152

S

A max number set, 159

sec

urity mechanism, 151

S

NMP notification, 160

tr

oubleshooting, 16 4

IM

C

security AAA RADIUS session-control

feature, 45

i

mplementing

security 802.1X HP MAC-based access

control, 69

sec

urity 802.1X HP port-based access

control, 69

s

ecurity AAA for MPLS L3VPNs, 13

s

ecurity AAA HWTACACS, 7

s

ecurity AAA LDAP, 9

s

ecurity AAA on device, 11

s

ecurity AAA RADIUS, 2

sec

urity ACL-based IPsec, 131 , 132

sec

urity IPsec, 13 0

im

porting

security peer host public key from file, 121

sec

urity public key from file, 124

initi

ating

security 802.1X authentication, 64, 65

In

ternet Key Exchange. See IKE

in

trusion protection

blockmac mode, 94

disa

bleport mode, 94

disa

bleport-temporarily mode, 94

por

t security feature, 88

IP

security. Use IPsec

s

ecurity ARP unresolvable IP attack

protection, 217, 218

s

ecurity ARP unresolvable IP attack protection

(blackhole routing), 217

s

ecurity ARP unresolvable IP attack protection

(source suppression), 217

s

ecurity ARP unresolvable IP attack protection

display, 217

s

ecurity uRPF configuration, 234, 238

uRP

F configuration, 237

I

P addressing

security AAA HWTACACS outgoing packet source

IP address, 35

sec

urity AAA LDAP server IP address

configuration, 38

s

ecurity AAA RADIUS outgoing packet source IP

address, 28

sec

urity AAA RADIUS security policy server IP

address configuration, 30

sec

urity ARP attack protection configuration, 216

sec

urity ARP filtering configuration, 232

sec

urity ARP gateway protection, 231

s

ecurity ARP user/packet validity check, 228

sec

urity authorized ARP (DHCP relay agent), 224

sec

urity authorized ARP (DHCP server), 223

sec

urity SSH SFTP client source IP

address/interface, 179

sec

urity SSH Stelnet client source IP address, 177

I

P source guard

configuration, 205, 206, 211

displa

ying, 210

d

ynamic binding entry, 206

IP

v4. See IPv4 source guard

IP

v6. See IPv6 source guard

main

taining, 210