R21xx-HP FlexFabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

201

SSH Stelnet client source IP address, 84

IP source guard

configuration, 113 , 114

displaying, 117

dynamic binding entries, 114

IPv4. See IPv4 source guard

IPv4 static configuration, 118

IPv4 static entry on interface, 116

IPv6. See IPv6 source guard

IPv6 static entry on interface, 117

maintaining, 117

static binding entries, 113

ip validity check (ARP), 132

IPsec

ACL-based IPsec, 154

applying IPsec policy, 165

authentication, 153

binding source interface to IPsec policy, 166

configuration, 151

configuring ACL, 156

configuring anti-replay, 166

configuring DF bit of IPsec packets, 168

configuring IKE profile, 179

configuring IKE proposal, 181

configuring IKE-based policy, 161

configuring IKE-based tunnel for IPv4 packets,

172

configuring manual policy, 159

configuring manual tunnel for IPv4 packets, 169

configuring transform set, 157

displaying, 169

enabling ACL checking for de-encapsulated

IPsec packets, 165

enabling logging of IPsec packets, 168

enabling QoS pre-classify, 167

encapsulation modes, 151

encryption, 153

IKE, 176

IKE configuration, 178

IKE negotiation process, 176

IKE security mechanism, 177

implementation, 154

implementing ACL-based IPsec, 155

keywords in ACL rules, 156

maintaining, 169

mirror image ACLs, 157

protocols and standards, 155

SA, 153

security protocols, 151

tunnel establishment, 155

IPsec policy

applying, 165

binding to source interface, 166

configuration (IKE mode), 161

configuration (manual mode), 159

IPsec policy template

configuring IKE-based IPsec policy, 163

IPsec transform set

configuration, 157

IPsec tunnel

configuring for IPv4 packets (IKE mode), 172

configuring for IPv4 packets (manual mode),

169

IPv4

configuring IKE-based IPsec tunnel, 172

configuring manual IPsec tunnel, 169

source guard. See IPv4 source guard

IPv4 source guard

configuration, 113 , 114 , 115

displaying, 117

dynamic binding entries, 114

dynamic configuration with DHCP relay, 121