H3C Technologies H3C S6300 Series Switches User Manual

Page 10

Cannot set the port security mode ····················································································································· 160

Cannot configure secure MAC addresses ········································································································ 161

Configuring password control ································································································································ 162

Overview ······································································································································································· 162

Password setting ·················································································································································· 162

Password updating and expiration ··················································································································· 163

User login control ················································································································································ 164

Password not displayed in any form ················································································································· 164

Logging ································································································································································· 165

FIPS compliance ··························································································································································· 165

Password control configuration task list ····················································································································· 165

Enabling password control ········································································································································· 165

Setting global password control parameters ············································································································ 166

Setting user group password control parameters ····································································································· 167

Setting local user password control parameters ······································································································· 168

Setting super password control parameters ·············································································································· 169

Displaying and maintaining password control ········································································································· 169

Password control configuration example ·················································································································· 170

Network requirements ········································································································································· 170

Configuration procedure ···································································································································· 170

Verifying the configuration ································································································································· 171

Managing public keys ············································································································································ 173

Creating a local key pair ············································································································································ 174

Configuration guidelines ···································································································································· 174

Distributing a local host public key ···························································································································· 175

Exporting a host public key in a specific format to a file ················································································ 175

Displaying a host public key in a specific format and saving it to a file ······················································ 176

Displaying a host public key ······························································································································ 176

Destroying a local key pair ········································································································································· 177

Configuring a peer host public key ···························································································································· 177

Importing a peer host public key from a public key file ·················································································· 178

Entering a peer host public key ························································································································· 178

Displaying and maintaining public keys ··················································································································· 178

Examples of public key management ························································································································ 178

Example for entering a peer host public key ···································································································· 178

Example for importing a public key from a public key file ············································································· 180

Configuring PKI ······················································································································································· 183

PKI terminology ···················································································································································· 183

PKI architecture ···················································································································································· 184

PKI operation ······················································································································································· 185

PKI applications ··················································································································································· 185

PKI configuration task list ············································································································································ 185

Configuring a PKI entity ·············································································································································· 186

Configuring a PKI domain ··········································································································································· 187

Requesting a certificate ··············································································································································· 189

Configuring automatic certificate request ········································································································· 190

Manually requesting a certificate ······················································································································ 190

This manual is related to the following products:

H3C S5820V2 Series Switches H3C S5830 Series Switches H3C S5830V2 Series Switches H3C S3600V2 Series Switches