Troubleshooting port security ······································································································································ 162
Configuring password control ································································································································ 164
Overview ······································································································································································· 164
Password setting ·················································································································································· 164
User login control ················································································································································ 166
Logging ································································································································································· 167
FIPS compliance ··························································································································································· 167
Enabling password control ········································································································································· 167
Network requirements ········································································································································· 172
Configuration procedure ···································································································································· 172
Verifying the configuration ································································································································· 173
Managing public keys ············································································································································ 175
Overview ······································································································································································· 175
FIPS compliance ··························································································································································· 175
Creating a local key pair ············································································································································ 176
Configuration guidelines ···································································································································· 176
Configuration procedure ···································································································································· 177
Displaying a host public key ······························································································································ 178
Destroying a local key pair ········································································································································· 179
Entering a peer host public key ························································································································· 180
Configuring PKI ······················································································································································· 185
Overview ······································································································································································· 185
PKI terminology ···················································································································································· 185
PKI architecture ···················································································································································· 186
PKI operation ······················································································································································· 186
PKI applications ··················································································································································· 187
Support for MPLS L3VPN ···································································································································· 187
FIPS compliance ··························································································································································· 188
PKI configuration task list ············································································································································ 188
Configuring a PKI entity ·············································································································································· 188
Configuring a PKI domain ··········································································································································· 189
Requesting a certificate ··············································································································································· 192
iv