Manualshelf

R21xx-HP FlexFabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
12345678910
iii
Working with SFTP files ········································································································································ 89
Displaying help information ································································································································· 89
Terminating the connection with the SFTP server ······························································································· 89
Configuring the device as an SCP client ····················································································································· 90
Displaying and maintaining SSH ························································································································ 91
Stelnet configuration examples ····································································································································· 92
Password authentication enabled Stelnet server configuration example ························································ 92
Publickey authentication enabled Stelnet server configuration example ························································· 94
Password authentication enabled Stelnet client configuration example ························································ 100
Publickey authentication enabled Stelnet client configuration example ························································ 103
SFTP configuration examples ······································································································································ 105
Password authentication enabled SFTP server configuration example ·························································· 105
Publickey authentication enabled SFTP client configuration example ··························································· 107
SCP file transfer with password authentication ········································································································· 110
Network requirements ········································································································································· 110
Configuration procedure ···································································································································· 111
Configuring IP source guard ·································································································································· 113
Overview ······································································································································································· 113
Static IP source guard binding entries ··············································································································· 113
Dynamic IP source guard binding entries ········································································································· 114
IP source guard configuration task list ······················································································································· 114
Configuring the IPv4 source guard function ·············································································································· 115
Enabling IPv4 source guard on an interface ···································································································· 115
Configuring a static IPv4 source guard binding entry on an interface ························································· 116
Configuring the IPv6 source guard function ·············································································································· 116
Enabling IPv6 source guard on an interface ···································································································· 116
Configuring a static IPv6 source guard binding entry on an interface ························································· 117
Displaying and maintaining IP source guard ············································································································ 117
Static IPv4 source guard configuration example ······································································································ 118
Dynamic IPv4 source guard using DHCP snooping configuration example·························································· 120
Dynamic IPv4 source guard using DHCP relay configuration example ································································· 121
Static IPv6 source guard configuration example ······································································································ 122
Configuring ARP attack protection ························································································································· 123
ARP attack protection configuration task list ············································································································· 123
Configuring unresolvable IP attack protection ·········································································································· 123
Configuring ARP source suppression ················································································································ 124
Enabling ARP black hole routing ······················································································································· 124
Displaying and maintaining unresolvable IP attack protection ······································································ 124
Configuration example ······································································································································· 124
Configuring ARP packet rate limit ······························································································································ 125
Configuration guidelines ···································································································································· 126
Configuration procedure ···································································································································· 126
Configuring source MAC-based ARP attack detection ···························································································· 126
Configuration procedure ···································································································································· 126
Displaying and maintaining source MAC address based ARP attack detection ·········································· 127
Configuration example ······································································································································· 127
Configuring ARP packet source MAC consistency check ························································································ 129
Configuring ARP active acknowledgement ··············································································································· 129
Configuring authorized ARP ······································································································································· 129
Configuration procedure ···································································································································· 129
Configuration example (on a DHCP relay agent) ···························································································· 130
Configuring ARP detection ·········································································································································· 131
Configuring user validity check ························································································································· 131