Manualshelf

R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
11121314151617181920
xi
FIPS compliance ··························································································································································· 444
Password control configuration task list ····················································································································· 445
Enabling password control ········································································································································· 445
Setting global password control parameters ············································································································ 446
Setting user group password control parameters ····································································································· 447
Setting local user password control parameters ······································································································· 448
Setting super password control parameters ·············································································································· 448
Setting a local user password in interactive mode ··································································································· 449
Displaying and maintaining password control ········································································································· 449
Password control configuration example ·················································································································· 450
Configuring HABP ··················································································································································· 453
Configuring an HABP server ······································································································································· 454
Configuring an HABP client ········································································································································ 454
Displaying and maintaining HABP ····························································································································· 455
HABP configuration example ······································································································································ 455
Configuring URPF ···················································································································································· 458
Overview ······································································································································································· 458
Configuring URPF ················································································································································ 458
URPF features ······················································································································································· 458
URPF work flow ···················································································································································· 458
Network application ··········································································································································· 460
Configuring URPF ························································································································································· 460
URPF configuration example ······································································································································· 461
Network requirements ········································································································································· 461
Configuration procedure ···································································································································· 461
Configuring WLAN client isolation ························································································································ 463
Configuring group domain VPN ···························································································································· 464
Overview ······································································································································································· 464
Group domain VPN structure ····························································································································· 464
Group domain VPN establishment ···················································································································· 465
KS redundancy ···················································································································································· 467
Protocols and standards ····································································································································· 468
Configuration restrictions and guidelines ·················································································································· 468
Configuring the GDOI KS ··········································································································································· 468
GDOI KS configuration task list ························································································································· 468
Configuring basic settings for a GDOI KS group ···························································································· 468
Configuring GDOI KS redundancy ··················································································································· 470
Specifying the source address for packets sent by the KS ·············································································· 471
Configuring rekey parameters ··························································································································· 472
Displaying and maintaining GDOI KS ·············································································································· 472
Configuring the GDOI GM ········································································································································· 473
GDOI GM configuration task list ······················································································································· 473
Configuring a GDOI GM group ························································································································ 473
Configuring a GDOI IPsec policy ······················································································································ 474
Applying a GDOI IPsec policy to an interface ································································································· 475
Displaying and maintaining GDOI GM ··········································································································· 476
Group domain VPN configuration example ············································································································· 477
Network requirements ········································································································································· 477
Configuration procedure ···································································································································· 477
Verifying the configuration ································································································································· 486
Troubleshooting group domain VPN ························································································································· 491
IKE SA negotiation failure ·································································································································· 491