R2511-HP MSR Router Series Security Configuration Guide(V5)
ix
Terminating the connection with the SFTP server ····························································································· 370
Configuring the device as an SCP client ··················································································································· 370
SCP client configuration task list ························································································································ 370
Transferring files with an SCP server ················································································································· 371
Displaying and maintaining SSH ······························································································································· 371
Stelnet configuration examples ··································································································································· 372
Password authentication enabled Stelnet server configuration example ······················································ 372
Publickey authentication enabled Stelnet server configuration example ······················································· 374
Password authentication enabled Stelnet client configuration example ························································ 379
Publickey authentication enabled Stelnet client configuration example ························································ 382
SFTP configuration examples ····························································································································· 384
Password authentication enabled SFTP server configuration example ·························································· 384
Publickey authentication enabled SFTP client configuration example ··························································· 386
SCP configuration example········································································································································· 389
Network requirements ········································································································································· 390
Configuration procedure ···································································································································· 390
Configuring SSL ······················································································································································· 392
Overview ······································································································································································· 392
SSL security mechanism ······································································································································ 392
SSL protocol stack ··············································································································································· 392
FIPS compliance ··························································································································································· 393
Configuration task list ·················································································································································· 393
Configuring an SSL server policy ······························································································································· 394
Configuring an SSL client policy ································································································································ 395
Displaying and maintaining SSL ································································································································· 396
SSL server policy configuration example ··················································································································· 396
Troubleshooting SSL ····················································································································································· 398
SSL handshake failure ········································································································································· 398
Configuring SSL VPN ·············································································································································· 400
Configuration procedure ············································································································································· 401
SSL VPN configuration example ································································································································· 401
Configuring a user profile ······································································································································ 404
Overview ······································································································································································· 404
Feature and hardware compatibility ·························································································································· 404
User profile configuration task list ······························································································································ 404
Creating a user profile ················································································································································ 405
Performing configurations in user profile view ········································································································· 405
Enabling a user profile ················································································································································ 405
Displaying and maintaining user profile ··················································································································· 405
Configuring ARP attack protection ························································································································· 406
Overview ······································································································································································· 406
ARP attack protection configuration task list ············································································································· 406
Configuring unresolvable IP attack protection ·········································································································· 406
Configuring ARP source suppression ················································································································ 407
Displaying and maintaining ARP source suppression ····················································································· 407
Configuration example ······································································································································· 407
Configuring source MAC-based ARP attack detection ···························································································· 408
Displaying and maintaining source MAC-based ARP attack detection ························································· 409
Source MAC-based ARP attack detection configuration example ································································· 409
Configuring ARP packet source MAC consistency check ························································································ 411
Configuring ARP active acknowledgement ··············································································································· 411
Configuring ARP automatic scanning and fixed ARP ······························································································· 411