R211x-HP Flexfabric 11900 Security Configuration Guide
static binding entry, 206
ip validity check (ARP), 226
IPsec
ACL configuration, 133
ACL de-encapsulated packet check, 140
ACL IPsec anti-replay configuration, 140
ACL rule keywords, 133
ACL-based implementation, 132
ACL-based IPsec, 131
authentication, 130
authentication algorithms, 130
configuration, 127, 144
configuration restrictions, 135
crypto engine, 130
displaying, 143
encapsulation modes, 128
encryption, 130
encryption algorithms, 130
FIPS compliance, 131
IKE configuration, 150, 152
IKE configuration (main mode/pre-shared key authentication), 161
IKE DPD configuration, 158
IKE global identity information configuration, 157
IKE identity authentication, 151
IKE invalid SPI recovery, 159
IKE keepalive function configuration, 157
IKE keychain configuration, 156
IKE NAT keepalive function configuration, 158
IKE negotiation, 150
IKE negotiation failure (no proposal or keychain referenced correctly), 164
IKE negotiation failure troubleshooting (no proposal match), 164
IKE negotiation mode, 129
IKE profile configuration, 153
IKE proposal configuration, 155
IKE SA max number, 159
IKE security mechanism, 151
IKE SNMP notification, 160
IKE troubleshooting, 164
IKE-based tunnel for IPv4 packets configuration, 147
implementation, 130
maintaining, 143
mirror image ACLs, 133
non-mirror image ACLs, 133
packet DF bit configuration, 142
packet logging enable, 142
policy application to interface, 139
policy configuration, 135
policy configuration (IKE-based), 137
policy configuration restrictions, 137
protocols and standards, 131
QoS pre-classify enable, 141
SA, 129
SA negotiation failure (invalid identity info), 165
SA negotiation failure (no transform set match), 165
security protocols, 128
SNMP notification configuration, 143
source interface policy bind, 141
transform set configuration, 133
tunnel establishment, 131
tunnel for IPv4 packets configuration, 144
IPv4
security IPsec IKE-based tunnel for IPv4 packets configuration, 147
security IPsec tunnel for IPv4 packets configuration, 144
source guard. See IPv4 source guard
IPv4 source guard
configuration, 205, 206, 207, 211
displaying, 210
dynamic binding entry, 206
dynamic configuration with DHCP relay, 214
dynamic configuration with DHCP snooping, 213
enable on interface, 207
maintaining, 210
static binding entry, 206
static configuration, 211
static entry (global), 208
static entry (on interface), 208
IPv6
source guard. See IPv6 source guard
IPv6 source guard
configuration, 205, 206, 209, 211
displaying, 210
dynamic binding entry, 206
enable on interface, 209










