HPE FlexFabric 7900 Series Security Configuration Manual page 7

Configuring ARP blackhole routing ········································································································ 186
Displaying and maintaining unresolvable IP attack protection ······························································· 186
Configuration example ··························································································································· 187
Configuring ARP packet rate limit ·················································································································· 188
Configuration guidelines ························································································································· 188
Configuration procedure ························································································································· 188
Configuring source MAC-based ARP attack detection ·················································································· 189
Configuration procedure ························································································································· 189
Displaying and maintaining source MAC-based ARP attack detection ·················································· 189
Configuration example ··························································································································· 190
Configuring ARP packet source MAC consistency check ·············································································· 191
Configuring ARP active acknowledgement ···································································································· 191
Configuring authorized ARP ·························································································································· 192
Configuration procedure ························································································································· 192
Configuring ARP detection ····························································································································· 192
Configuring user validity check ·············································································································· 192
Configuring ARP packet validity check ·································································································· 193
Configuring ARP restricted forwarding ··································································································· 194
Enabling ARP detection logging ············································································································· 194
Displaying and maintaining ARP detection ···························································································· 195
User validity check and ARP packet validity check configuration example ············································ 195
Configuring ARP scanning and fixed ARP ····································································································· 196
Configuration restrictions and guidelines ······························································································· 197
Configuration procedure ························································································································· 197
Configuring ARP gateway protection ············································································································· 197
Configuration guidelines ························································································································· 197
Configuration procedure ························································································································· 198
Configuration example ··························································································································· 198
Configuring ARP filtering ································································································································ 199
Configuration guidelines ························································································································· 199
Configuration procedure ························································································································· 199
Configuration example ··························································································································· 199
Configuring uRPF ······················································································· 201
Overview ························································································································································ 201
uRPF check modes ································································································································ 201
uRPF operation ······································································································································ 201
Network application ································································································································ 204
Configuring uRPF ·········································································································································· 204
Displaying and maintaining uRPF ·················································································································· 204
uRPF configuration example ·························································································································· 205
Configuring FIPS ························································································· 206
Overview ························································································································································ 206
Configuration restrictions and guidelines ······································································································· 206
Configuring FIPS mode ·································································································································· 207
Entering FIPS mode ······························································································································· 207
Configuration changes in FIPS mode ···································································································· 208
Exiting FIPS mode ································································································································· 208
FIPS self-tests ················································································································································ 209
Power-up self-tests ································································································································ 209
Conditional self-tests ······························································································································ 210
Triggering self-tests ································································································································ 210
Displaying and maintaining FIPS ··················································································································· 210
FIPS configuration examples ························································································································· 211
Entering FIPS mode through automatic reboot ······················································································ 211
Entering FIPS mode through manual reboot ·························································································· 212
Exiting FIPS mode through automatic reboot ························································································ 213
Exiting FIPS mode through manual reboot ···························································································· 214
Configuring attack detection and prevention ··············································· 215
Overview ························································································································································ 215
v