R211x-HP Flexfabric 11900 Security Configuration Guide

Configuring port security
  Overview
    Port security features
    Port security modes
  Configuration task list
  Enabling port security
  Setting port security's limit on the number of secure MAC addresses on a port
  Setting the port security mode
  Configuring port security features
    Configuring NTK
    Configuring intrusion protection
  Configuring secure MAC addresses
    Configuration prerequisites
    Configuration procedure
  Ignoring authorization information from the server
  Enabling MAC move
  Displaying and maintaining port security
  Port security configuration examples
    autoLearn configuration example
    userLoginWithOUI configuration example
    macAddressElseUserLoginSecure configuration example
  Troubleshooting port security
    Cannot set the port security mode
    Cannot configure secure MAC addresses
Configuring password control
  Overview
    Password setting
    Password updating and expiration
    User login control
    Password not displayed in any form
    Logging
  FIPS compliance
  Password control configuration task list
  Enabling password control
  Setting global password control parameters
  Setting user group password control parameters
  Setting local user password control parameters
  Setting super password control parameters
  Displaying and maintaining password control
  Password control configuration example
    Network requirements
    Configuration procedure
    Verifying the configuration
Managing public keys
  Overview
  FIPS compliance
  Creating a local key pair
    Configuration guidelines
    Configuration procedure
  Distributing a local host public key
    Exporting a host public key in a specific format to a file
    Displaying a host public key in a specific format and saving it to a file
    Displaying a host public key