HP 5120 SI Series Security Configuration Manual page 9

SCP client configuration example ······················································································································ 277
SCP server configuration example ···················································································································· 278
SSL configuration ···················································································································································· 280
SSL overview ································································································································································· 280
SSL security mechanism ······································································································································ 280
SSL protocol stack ··············································································································································· 281
FIPS compliance ··························································································································································· 282
SSL configuration task list ············································································································································ 282
Configuring an SSL server policy ······························································································································· 282
Configuration prerequisites ································································································································ 282
Configuration procedure ···································································································································· 282
SSL server policy configuration example ·········································································································· 283
Configuring an SSL client policy ································································································································ 285
Configuration prerequisites ································································································································ 285
Configuration procedure ···································································································································· 285
Displaying and maintaining SSL ································································································································· 286
Troubleshooting SSL ····················································································································································· 286
SSL handshake failure ········································································································································· 286
TCP attack protection configuration ······················································································································· 288
TCP attack protection overview ·································································································································· 288
Enabling the SYN Cookie feature ······························································································································ 288
Enabling protection against Naptha attacks ············································································································· 289
Displaying and maintaining TCP attack protection ·································································································· 289
IP source guard configuration ································································································································ 290
IP source guard overview ············································································································································ 290
IP source guard entries ················································································································································ 290
Configuring IPv4 source guard ··································································································································· 291
Configuring static IPv4 source guard ················································································································ 291
Configuring dynamic IPv4 source guard ·········································································································· 292
Setting the maximum number of IPv4 source guard entries ············································································ 293
Configuring IPv6 source guard ··································································································································· 293
Configuring static IPv6 source guard ················································································································ 293
Configuring dynamic IPv6 source guard ·········································································································· 294
Setting the maximum number of IPv6 source guard entries ············································································ 295
Displaying and maintaining IP source guard ············································································································ 295
IP source guard configuration examples ··················································································································· 296
Static IPv4 source guard configuration example ····························································································· 296
Dynamic IPv4 source guard using DHCP snooping configuration example ················································· 297
Dynamic IPv4 source guard using DHCP relay configuration example ························································ 299
Static IPv6 source guard configuration example ····························································································· 300
Dynamic IPv6 source guard using DHCPv6 snooping configuration example ············································· 300
Dynamic IPv6 source guard using ND snooping configuration example ····················································· 302
Troubleshooting IP source guard ································································································································ 303
Neither static nor dynamic IP source guard can be configured ····································································· 303
ARP attack protection configuration ······················································································································ 304
ARP attack protection overview ·································································································································· 304
ARP attack protection configuration task list ············································································································· 304
Configuring ARP packet rate limit ······························································································································ 305
Configuring ARP packet rate limit ····················································································································· 305
Configuring source MAC address based ARP attack detection ············································································· 306
Introduction ·························································································································································· 306
Configuration procedure ···································································································································· 306
vii