H3C Technologies H3C S12500-X Series Switches User Manual
Page 8
iii
Configuring port security ··········································································································································· 89
Overview ········································································································································································· 89
Port security features ············································································································································· 89
Port security modes ··············································································································································· 89
Configuration task list ···················································································································································· 92
Enabling port security ···················································································································································· 93
Setting port security's limit on the number of secure MAC addresses on a port ···················································· 93
Setting the port security mode ······································································································································ 94
Configuring port security features ································································································································ 95
Configuring NTK ··················································································································································· 95
Configuring intrusion protection ·························································································································· 95
Configuring secure MAC addresses ···························································································································· 96
Configuration prerequisites ·································································································································· 96
Configuration procedure ······································································································································ 97
Ignoring authorization information from the server ···································································································· 97
Enabling MAC move ····················································································································································· 97
Displaying and maintaining port security ···················································································································· 98
Port security configuration examples ··························································································································· 98
autoLearn configuration example ························································································································ 98
userLoginWithOUI configuration example ······································································································· 100
macAddressElseUserLoginSecure configuration example ··············································································· 103
Troubleshooting port security ······································································································································ 106
Cannot set the port security mode ····················································································································· 106
Cannot configure secure MAC addresses ········································································································ 106
Configuring password control ································································································································ 107
Overview ······································································································································································· 107
Password setting ·················································································································································· 107
Password updating and expiration ··················································································································· 108
User login control ················································································································································ 109
Password not displayed in any form ················································································································· 109
Logging ································································································································································· 110
FIPS compliance ··························································································································································· 110
Password control configuration task list ····················································································································· 110
Enabling password control ········································································································································· 110
Setting global password control parameters ············································································································ 111
Setting user group password control parameters ····································································································· 112
Setting local user password control parameters ······································································································· 113
Setting super password control parameters ·············································································································· 114
Displaying and maintaining password control ········································································································· 114
Password control configuration example ·················································································································· 115
Network requirements ········································································································································· 115
Configuration procedure ···································································································································· 115
Verifying the configuration ································································································································· 116
Managing public keys ············································································································································ 118
Overview ······································································································································································· 118
FIPS compliance ··························································································································································· 118
Creating a local key pair ············································································································································ 119
Configuration guidelines ···································································································································· 119
Configuration procedure ···································································································································· 119
Distributing a local host public key ···························································································································· 120
Exporting a host public key in a specific format to a file ················································································ 120
Displaying a host public key in a specific format and saving it to a file ······················································ 121
Displaying a host public key ······························································································································ 121
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches