Ignoring authorization information from the server ···································································································· 94

Displaying and maintaining port security ···················································································································· 94

Port security configuration examples ··························································································································· 95

autoLearn configuration example ························································································································ 95

userLoginWithOUI configuration example ········································································································· 96

macAddressElseUserLoginSecure configuration example ················································································· 99

Troubleshooting port security ······································································································································ 102

Cannot set the port security mode ····················································································································· 102

Cannot configure secure MAC addresses ········································································································ 103

Configuring password control ································································································································ 104

Overview ······································································································································································· 104

Password setting ·················································································································································· 104

Password updating and expiration ··················································································································· 105

User login control ················································································································································ 106

Password not displayed in any form ················································································································· 106

Logging ································································································································································· 107

FIPS compliance ··························································································································································· 107

Password control configuration task list ····················································································································· 107

Enabling password control ········································································································································· 107

Setting global password control parameters ············································································································ 108

Setting user group password control parameters ····································································································· 109

Setting local user password control parameters ······································································································· 109

Setting super password control parameters ·············································································································· 110

Displaying and maintaining password control ········································································································· 111

Password control configuration example ·················································································································· 111

Network requirements ········································································································································· 111

Configuration procedure ···································································································································· 112

Verifying the configuration ································································································································· 113

Managing public keys ············································································································································ 115

Creating a local key pair ············································································································································ 116

Configuration guidelines ···································································································································· 116

Distributing a local host public key ···························································································································· 117

Exporting a host public key in a specific format to a file ················································································ 117

Displaying a host public key in a specific format and saving it to a file ······················································ 118

Displaying a host public key ······························································································································ 118

Destroying a local key pair ········································································································································· 118

Configuring a peer public key ···································································································································· 119

Importing a peer host public key from a public key file ·················································································· 119

Entering a peer public key ································································································································· 119

Displaying and maintaining public keys ··················································································································· 120

Examples of public key management ························································································································ 120

Example for entering a peer public key ············································································································ 120

Example for importing a public key from a public key file ············································································· 122

Configuring PKI ······················································································································································· 125

PKI terminology ···················································································································································· 125

PKI architecture ···················································································································································· 126

PKI operation ······················································································································································· 127

PKI applications ··················································································································································· 127

PKI across VPNs ·················································································································································· 127

iii