SFTP configuration examples ······································································································································ 331

Password authentication enabled SFTP server configuration example ·························································· 331

Publickey authentication enabled SFTP client configuration example ··························································· 334

SCP file transfer with password authentication ········································································································· 337

Network requirements ········································································································································· 337

Configuration procedure ···································································································································· 337

NETCONF over SSH configuration example with password authentication ························································ 339

Verifying the configuration ································································································································· 341

Configuring SSL ······················································································································································· 342

Overview ······································································································································································· 342

SSL security services ············································································································································ 342

SSL protocol stack ··············································································································································· 342

FIPS compliance ··························································································································································· 343

SSL configuration task list ············································································································································ 343

Configuring an SSL server policy ······························································································································· 343

Configuring an SSL client policy ································································································································ 344

Displaying and maintaining SSL ································································································································· 345

Configuring IP source guard ·································································································································· 346

Static IPSG bindings ············································································································································ 347

Dynamic IPSG bindings ······································································································································ 347

IPSG configuration task list ········································································································································· 348

Configuring the IPv4SG feature ·································································································································· 348

Enabling IPv4SG on an interface ······················································································································ 348

Configuring a static IPv4SG binding ················································································································ 349

Configuring the IPv6SG feature ·································································································································· 349

Enabling IPv6SG on an interface ······················································································································ 349

Configuring a static IPv6SG binding ················································································································ 350

Displaying and maintaining IPSG ······························································································································ 350

IPSG configuration examples ······································································································································ 351

Static IPv4SG configuration example ················································································································ 351

Dynamic IPv4SG using DHCP snooping configuration example ··································································· 352

Dynamic IPv4SG using DHCP relay configuration example ·········································································· 353

Static IPv6SG configuration example ················································································································ 354

Dynamic IPv6SG using DHCPv6 snooping configuration example ······························································· 355

Configuring ARP attack protection ························································································································· 357

ARP attack protection configuration task list ············································································································· 357

Configuring unresolvable IP attack protection ·········································································································· 357

Configuring ARP source suppression ················································································································ 358

Configuring ARP blackhole routing ··················································································································· 358

Displaying and maintaining unresolvable IP attack protection ······································································ 358

Configuration example ······································································································································· 359

Configuring ARP packet rate limit ······························································································································ 360

Configuration guidelines ···································································································································· 360

Configuring source MAC-based ARP attack detection ···························································································· 361

Displaying and maintaining source MAC-based ARP attack detection ························································· 361

viii