HPE FlexFabric 7900 Series Security Configuration Manual page 6

IPsec SA negotiation failed due to invalid identity information ······························································· 140
Configuring SSH ························································································· 143
Overview ························································································································································ 143
How SSH works ····································································································································· 143
SSH authentication methods ·················································································································· 144
FIPS compliance ············································································································································ 145
Configuring the device as an SSH server ······································································································ 145
SSH server configuration task list ·········································································································· 145
Generating local DSA or RSA key pairs ································································································· 146
Enabling the Stelnet server ···················································································································· 147
Enabling the SFTP server ······················································································································ 147
Enabling the SCP server ························································································································ 147
Configuring NETCONF over SSH ·········································································································· 147
Configuring user lines for SSH login ······································································································ 148
Configuring a client's host public key ····································································································· 148
Configuring an SSH user ······················································································································· 149
Configuring the SSH management parameters ····················································································· 150
Configuring the device as an Stelnet client ···································································································· 151
Stelnet client configuration task list ········································································································ 151
Specifying a source IP address for SSH packets··················································································· 151
Establishing a connection to an Stelnet server ······················································································ 152
Configuring the device as an SFTP client ······································································································ 153
SFTP client configuration task list ·········································································································· 153
Specifying the source IP address for SFTP packets ·············································································· 153
Establishing a connection to an SFTP server ························································································ 153
Working with SFTP directories ··············································································································· 154
Working with SFTP files ························································································································· 154
Displaying help information ···················································································································· 155
Terminating the connection with the SFTP server ················································································· 155
Configuring the device as an SCP client ········································································································ 155
Displaying and maintaining SSH ···················································································································· 156
Stelnet configuration examples ······················································································································ 156
Password authentication enabled Stelnet server configuration example ··············································· 157
Publickey authentication enabled Stelnet server configuration example ··············································· 159
Password authentication enabled Stelnet client configuration example ················································ 165
Publickey authentication enabled Stelnet client configuration example ················································· 168
SFTP configuration examples ························································································································ 170
Password authentication enabled SFTP server configuration example ················································· 170
Publickey authentication enabled SFTP client configuration example ··················································· 172
SCP file transfer with password authentication ······························································································ 175
Network requirements ···························································································································· 176
Configuration procedure ························································································································· 176
Configuring IP source guard ······································································· 178
Overview ························································································································································ 178
Static IPSG bindings ······························································································································ 178
Dynamic IPSG bindings ························································································································· 179
IPSG configuration task list ···························································································································· 179
Configuring the IPv4SG feature ····················································································································· 179
Enabling IPv4SG on an interface ··········································································································· 179
Configuring a static IPv4SG binding ······································································································ 180
Displaying and maintaining IPSG ·················································································································· 181
IPSG configuration examples ························································································································ 181
Static IPv4SG configuration example ····································································································· 181
Dynamic IPv4SG using DHCP snooping configuration example ··························································· 182
Dynamic IPv4SG using DHCP relay configuration example ·································································· 183
Configuring ARP attack protection ······························································ 185
ARP attack protection configuration task list ·································································································· 185
Configuring unresolvable IP attack protection ······························································································· 185
Configuring ARP source suppression ···································································································· 186
iv