R21xx-HP FlexFabric 11900 Security Configuration Guide
196
composition policy (password control), 57
conditional self-test, 147
configuration guidelines
FIPS, 145
configuration restrictions
FIPS, 145
configuring
AAA, 1, 16
AAA accounting methods for ISP domain, 42
AAA authentication methods for ISP domain, 40
AAA authorization methods for ISP domain, 41
AAA HWTACACS schemes, 29
AAA ISP domain attributes, 39
AAA LDAP schemes, 35
AAA local user, 18
AAA local user attributes, 19
AAA methods for ISP domain, 38
AAA RADIUS schemes, 21
AAA schemes, 18
AAA user group attributes, 20
ACL for IPsec, 156
ACL rules for IPsec, 156
ARP active acknowledgement, 129
ARP attack protection, 123
ARP automatic scanning, 135
ARP detection, 131
A R P fi l t e r i n g , 137, 13 8
ARP gateway protection, 136
ARP packet rate limit, 125
ARP packet source MAC consistency check, 129
ARP packet validity check, 132
ARP restricted forwarding, 133
ARP source MAC-based attack detection, 126,
127
ARP source suppression, 124
ARP user validity check, 131
ARP user/packet validity check, 133
authorized ARP, 129
authorized ARP (DHCP relay agent), 130
device as SCP client, 90
DF bit of IPsec packets, 168
FIPS, 144
FIPS (automatic reboot), 148
FIPS (manual reboot), 149
fixed ARP, 135
HWTACACS server SSH user AAA, 43
IKE DPD, 185
IKE global ID, 183
IKE keepalive, 184
IKE keychain, 182
IKE NAT keepalive, 184
IKE profile, 179
IKE proposal, 181
IKE-based IPsec policy, 161
IKE-based IPsec tunnel for IPv4 packets, 172
IP attack protection (unresolvable), 123, 124
IP source guard, 113 , 114
IPsec anti-replay, 166
IPsec transform set, 157
IPv4 dynamic source guard with DHCP relay,
121
IPv4 dynamic source guard with DHCP
snooping, 120
IPv4 source guard function, 115
IPv4 source guard static entry on interface, 116
IPv4 static source guard, 118
IPv6 source guard function, 116
IPv6 source guard static entry on interface, 117
IPv6 static source guard, 122
LDAP administrator attributes, 37
LDAP server IP address, 36
LDAP server SSH user authentication, 50