R21xx-HP FlexFabric 11900 Security Configuration Guide
SSH server configuration, 79
RSA
public key management, 67
SSH client host public key configuration, 81
SSH management parameters, 83
SSH RSA host key pair, 79
SSH RSA server key pair, 79
RSA signature authentication (IKE), 177
SA lifetime
IKE, 181
saving
host public key to file, 69
SCP
client device configuration, 90
file transfer with password authentication, 110
SSH application, 77
secure shell. Use SSH
security
AAA configuration, 1, 16
AAA device implementation, 11
AAA HWTACACS implementation, 7
AAA LDAP implementation, 9
AAA MPLS L3VPN implementation, 13
AAA RADIUS implementation, 2
ACL-based IPsec, 154
applying IPsec policy, 165
ARP active acknowledgement, 129
ARP attack protection configuration, 123
ARP automatic scanning, 135
ARP black hole routing, 124
ARP detection configuration, 131
ARP filtering configuration, 137, 138
ARP gateway protection, 136
ARP packet rate limit configuration, 125
ARP packet source MAC consistency check, 129
ARP packet validity check, 132
ARP restricted forwarding, 133
ARP source MAC-based attack detection, 127
ARP source MAC-based attack detection configuration, 126
ARP source suppression, 124
ARP user validity check configuration, 131
ARP user/packet validity check, 133
authentication (IPsec), 153
authorized ARP (DHCP relay agent), 130
authorized ARP configuration, 129
binding source interface to IPsec policy, 166
configuring ACL for IPsec, 156
configuring DF bit of IPsec packets, 168
configuring IKE-based IPsec policy, 161
configuring IKE-based IPsec tunnel for IPv4 packets, 172
configuring IPsec anti-replay, 166
configuring IPsec transform set, 157
configuring manual IPsec policy, 159
configuring manual IPsec tunnel for IPv4 packets, 169
enabling ACL checking for de-encapsulated IPsec packets, 165
enabling FIPS mode, 146
enabling logging of IPsec packets, 168
enabling QoS pre-classify (IPsec), 167
encryption (IPsec), 153
entering peer public key, 72
expired password login, 58
FIPS configuration, 144, 148, 149
FIPS self-test, 146
FIPS startup method, 144
fixed ARP configuration, 135
IKE configuration, 176, 178
IKE profile configuration, 179
IKE proposal configuration, 181










