Displaying help information ······························································································································· 193

Terminating the connection to the remote SFTP server ···················································································· 193

SFTP client configuration example ····························································································································· 193

SFTP server configuration example ···························································································································· 197

Configuring SSL ······················································································································································· 200

SSL security mechanism ······································································································································ 200

SSL protocol stack ··············································································································································· 200

SSL configuration task list ············································································································································ 201

Configuring an SSL server policy ······························································································································· 201

Configuration prerequisites ································································································································ 201

Configuration procedure ···································································································································· 201

SSL server policy configuration example ·········································································································· 202

Configuring an SSL client policy ································································································································ 204

Displaying and maintaining SSL ································································································································ 205

Troubleshooting SSL ····················································································································································· 205

SSL handshake failure ········································································································································· 205

Configuring TCP attack protection ························································································································· 207

Enabling the SYN Cookie feature ······························································································································ 207

Displaying and maintaining TCP attack protection ·································································································· 207

Configuring IP source guard ·································································································································· 208

Static IP source guard binding entries ·············································································································· 208

Dynamic IP source guard binding entries ········································································································· 209

IP source guard configuration task list ······················································································································· 209

Configuring the IPv4 source guard function ·············································································································· 209

Configuring IPv4 source guard on a port ········································································································· 209

Configuring a static IPv4 source guard binding entry ···················································································· 210

Setting the maximum number of IPv4 source guard binding entries ····························································· 211

Configuring the IPv6 source guard function ·············································································································· 211

Configuring IPv6 source guard on a port ········································································································· 211

Configuring a static IPv6 source guard binding entry ···················································································· 212

Setting the maximum number of IPv6 source guard binding entries ····························································· 213

Displaying and maintaining IP source guard ············································································································ 213

IP source guard configuration examples ··················································································································· 214

Static IPv4 source guard binding entry configuration example ····································································· 214

Dynamic IPv4 source guard binding by DHCP snooping configuration example ······································· 216

Dynamic IPv4 source guard binding by DHCP relay configuration example ·············································· 217

Static IPv6 source guard binding entry configuration example ····································································· 219

Dynamic IPv6 source guard binding by DHCPv6 snooping configuration example ··································· 219

Dynamic IPv6 source guard binding by ND snooping configuration example············································ 221

Troubleshooting IP source guard ································································································································ 222

Cannot configure static binding entries or dynamic binding function ··························································· 222

Configuring ARP attack protection························································································································· 223

ARP attack protection configuration task list ············································································································· 223

Configuring ARP defense against IP packet attacks ································································································· 224

Configuring ARP source suppression ················································································································ 224

Enabling ARP black hole routing ······················································································································· 225

Displaying and maintaining ARP defense against IP packet attacks ····························································· 225

ARP defense against IP packet attack configuration example ········································································ 225

Configuring ARP packet rate limit ······························································································································ 226

Configuring source MAC address-based ARP attack detection ·············································································· 227

Displaying and maintaining source MAC address-based ARP attack detection ·········································· 227

vii

Table of Contents