Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
12345678910
iv
Configuring cross-subnet portal authentication ································································································ 138
Configuring extended direct portal authentication ·························································································· 140
Configuring extended re-DHCP portal authentication ····················································································· 144
Configuring extended cross-subnet portal authentication ··············································································· 147
Configuring portal server detection and portal user synchronization ··························································· 151
Configuring cross-subnet portal authentication for MPLS L3VPNs ································································· 156
Troubleshooting portal ················································································································································· 158
No portal authentication page is pushed for users ························································································· 158
Cannot log out portal users on the access device ··························································································· 159
Cannot log out portal users on the RADIUS server ·························································································· 159
Users logged out by the access device still exist on the portal authentication server ·································· 160
Re-DHCP portal authenticated users cannot log in successfully······································································ 160
Configuring port security ········································································································································ 161
Overview ······································································································································································· 161
Port security features ··········································································································································· 161
Port security modes ············································································································································· 162
Feature and hardware compatibility ·························································································································· 164
Configuration task list ·················································································································································· 165
Enabling port security ·················································································································································· 165
Setting port security's limit on the number of secure MAC addresses on a port ·················································· 165
Setting the port security mode ···································································································································· 166
Configuring port security features ······························································································································ 167
Configuring NTK ················································································································································· 167
Configuring intrusion protection ························································································································ 167
Configuring secure MAC addresses ·························································································································· 168
Configuration prerequisites ································································································································ 169
Configuration procedure ···································································································································· 169
Ignoring authorization information from the server ·································································································· 169
Enabling MAC move ··················································································································································· 170
Displaying and maintaining port security ·················································································································· 170
Port security configuration examples ························································································································· 171
autoLearn configuration example ······················································································································ 171
userLoginWithOUI configuration example ······································································································· 173
macAddressElseUserLoginSecure configuration example ··············································································· 176
Troubleshooting port security ······································································································································ 179
Cannot set the port security mode ····················································································································· 179
Cannot configure secure MAC addresses ········································································································ 180
Configuring password control ································································································································ 181
Overview ······································································································································································· 181
Password setting ·················································································································································· 181
Password updating and expiration ··················································································································· 182
User login control ················································································································································ 183
Password not displayed in any form ················································································································· 184
Logging ································································································································································· 184
FIPS compliance ··························································································································································· 184
Password control configuration task list ····················································································································· 184
Enabling password control ········································································································································· 184
Setting global password control parameters ············································································································ 185
Setting user group password control parameters ····································································································· 186
Setting local user password control parameters ······································································································· 187
Setting super password control parameters ·············································································································· 188
Displaying and maintaining password control ········································································································· 188
Password control configuration example ·················································································································· 189