R211x-HP Flexfabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

280

FIPS configuration, 241, 246

FIPS mode configuration, 242

FI

PS mode entry, 242

FI

PS mode entry (automatic reboot), 246

FI

PS mode entry (manual reboot), 247

FI

PS mode exit, 244

FI

PS mode exit (automatic reboot), 249

FI

PS mode exit (manual reboot), 249

FI

PS mode system changes, 243

FI

PS self-test, 245

f

ixed ARP configuration, 229

ho

st public key export to file, 119

ho

st public key save to file, 120

IP

, 127 , S

ee also IPsec

IP source guard configuration, 205, 206, 211

I

P source guard dynamic binding entry, 206

I

P source guard static binding entry, 206

I

Psec ACL de-encapsulated packet check, 14 0

I

Psec ACL-based implementation, 132

IP

sec anti-replay configuration, 14 0

IP

sec configuration, 14 4

I

Psec crypto engine, 13 0

I

Psec encapsulation modes, 128

IP

sec IKE configuration, 15 0 , 152

I

Psec IKE configuration (main mode/pre-shared

key authentication), 161

IP

sec IKE DPD configuration, 15 8

I

Psec IKE global identity information

configuration, 157

IP

sec IKE invalid SPI recovery, 159

I

Psec IKE keepalive function configuration, 157

IP

sec IKE keychain configuration, 156

IP

sec IKE mechanism, 151

IP

sec IKE NAT keepalive function

configuration, 15 8

IP

sec IKE negotiation failure (no proposal or

keychain referenced correctly), 164

IP

sec IKE negotiation failure troubleshooting (no

proposal match), 16 4

IP

sec IKE profile configuration, 153

IP

sec IKE proposal configuration, 155

IP

sec IKE SA max number set, 159

IP

sec IKE SNMP notification, 160

IP

sec IKE troubleshooting, 164

I

Psec IKE-based tunnel for IPv4 packets

configuration, 147

I

Psec packet DF bit, 142

I

Psec packet logging enable, 142

I

Psec policy application to interface, 139

I

Psec policy configuration, 135

I

Psec policy configuration (IKE-based), 137

I

Psec protocols, 128

I

Psec QoS pre-classify enable, 141

I

Psec SA negotiation failure (invalid identity

info), 165

I

Psec SA negotiation failure (no transform set

match), 165

IP

sec SNMP notification, 143

I

Psec source interface policy bind, 141

I

Psec transform set configuration, 133

I

Psec tunnel establishment, 131

I

Psec tunnel for IPv4 packets configuration, 14 4

I

Pv4 source guard dynamic configuration with

DHCP relay, 214

I

Pv4 source guard dynamic configuration with

DHCP snooping, 213

I

Pv4 source guard static configuration, 211

I

Pv6 source guard static configuration, 215

loc

al host public key distribution, 119

local k

ey pair creation, 118

loc

al key pair destruction, 12 0

MA

C authentication configuration, 79, 80, 84

MA

C authentication delay configuration, 83, 83

MA

C authentication domain specification, 81

MA

C authentication enable, 80

MA

C authentication max number concurrent port

users configuration, 82

MA

C authentication methods, 79

MA

C authentication timer configuration, 82

MA

C authentication user account format, 81

MA

C authentication user account policies, 79

MA

C local authentication configuration, 84

main

taining 802.1X, 75

main

taining ARP detection, 227

main

taining crypto engine, 240

main

taining IPsec IKE, 160

main

taining MAC authentication, 83

main

taining password control, 113

p

assword control configuration, 106, 109, 114

pa

ssword control enable, 109

pa

ssword control global parameters, 110