R2511-HP MSR Router Series Security Configuration Guide(V5)

  Troubleshooting portal
    Inconsistent keys on the access device and the portal server
    Incorrect server port number on the access device
Configuring firewall
  Overview
    ACL based packet-filter
    ASPF
  Configuring a packet-filter firewall
    Packet-filter firewall configuration task list
    Enabling the firewall function
    Configuring the default filtering action of the firewall
    Enabling fragment inspection
    Configuring the high and low thresholds for fragment inspection
    Configuring packet filtering on an interface
    Configuring Ethernet frame filtering
    Displaying and maintaining a packet-filter firewall
    Packet-filter firewall configuration example
  Configuring an ASPF
    ASPF configuration task list
    Enabling the firewall function
    Configuring an ASPF policy
    Applying an ASPF policy to an interface
    Enabling the session logging function for ASPF
    Configuring port mapping
    Displaying and maintaining ASPF
    ASPF configuration example
Configuring SSH
  Overview
    How SSH works
    SSH authentication methods
    SSH support for MPLS L3VPN
  FIPS compliance
  Configuring the device as an SSH server
    SSH server configuration task list
    Generating local DSA or RSA key pairs
    Enabling the SSH server function
    Enabling the SFTP server function
    Configuring the user interfaces for SSH clients
    Configuring a client's host public key
    Configuring an SSH user
    Setting the SSH management parameters
  Configuring the device as an Stelnet client
    Stelnet client configuration task list
    Specifying a source IP address or source interface for the Stelnet client
    Enabling and disabling first-time authentication
    Establishing a connection to an Stelnet server
  Configuring the device as an SFTP client
    SFTP client configuration task list
    Specifying a source IP address or source interface for the SFTP client
    Establishing a connection to an SFTP server
    Working with SFTP directories
    Working with SFTP files
    Displaying help information