beautypg.com

H3C Technologies H3C S12500-X Series Switches User Manual

Page 8

background image

iii

Configuring port security ··········································································································································· 89

 

Overview ········································································································································································· 89

 

Port security features ············································································································································· 89

 

Port security modes ··············································································································································· 89

 

Configuration task list ···················································································································································· 92

 

Enabling port security ···················································································································································· 93

 

Setting port security's limit on the number of secure MAC addresses on a port ···················································· 93

 

Setting the port security mode ······································································································································ 94

 

Configuring port security features ································································································································ 95

 

Configuring NTK ··················································································································································· 95

 

Configuring intrusion protection ·························································································································· 95

 

Configuring secure MAC addresses ···························································································································· 96

 

Configuration prerequisites ·································································································································· 96

 

Configuration procedure ······································································································································ 97

 

Ignoring authorization information from the server ···································································································· 97

 

Enabling MAC move ····················································································································································· 97

 

Displaying and maintaining port security ···················································································································· 98

 

Port security configuration examples ··························································································································· 98

 

autoLearn configuration example ························································································································ 98

 

userLoginWithOUI configuration example ······································································································· 100

 

macAddressElseUserLoginSecure configuration example ··············································································· 103

 

Troubleshooting port security ······································································································································ 106

 

Cannot set the port security mode ····················································································································· 106

 

Cannot configure secure MAC addresses ········································································································ 106

 

Configuring password control ································································································································ 107

 

Overview ······································································································································································· 107

 

Password setting ·················································································································································· 107

 

Password updating and expiration ··················································································································· 108

 

User login control ················································································································································ 109

 

Password not displayed in any form ················································································································· 109

 

Logging ································································································································································· 110

 

FIPS compliance ··························································································································································· 110

 

Password control configuration task list ····················································································································· 110

 

Enabling password control ········································································································································· 110

 

Setting global password control parameters ············································································································ 111

 

Setting user group password control parameters ····································································································· 112

 

Setting local user password control parameters ······································································································· 113

 

Setting super password control parameters ·············································································································· 114

 

Displaying and maintaining password control ········································································································· 114

 

Password control configuration example ·················································································································· 115

 

Network requirements ········································································································································· 115

 

Configuration procedure ···································································································································· 115

 

Verifying the configuration ································································································································· 116

 

Managing public keys ············································································································································ 118

 

Overview ······································································································································································· 118

 

FIPS compliance ··························································································································································· 118

 

Creating a local key pair ············································································································································ 119

 

Configuration guidelines ···································································································································· 119

 

Configuration procedure ···································································································································· 119

 

Distributing a local host public key ···························································································································· 120

 

Exporting a host public key in a specific format to a file ················································································ 120

 

Displaying a host public key in a specific format and saving it to a file ······················································ 121

 

Displaying a host public key ······························································································································ 121