SSL configuration ···················································································································································· 280
SSL overview ································································································································································· 280
SSL security mechanism ······································································································································ 280
SSL protocol stack ··············································································································································· 281
FIPS compliance ··························································································································································· 282
SSL configuration task list ············································································································································ 282
Configuring an SSL server policy ······························································································································· 282
Configuration prerequisites ································································································································ 282
Configuration procedure ···································································································································· 282
Configuring an SSL client policy ································································································································ 285
Configuration prerequisites ································································································································ 285
Configuration procedure ···································································································································· 285
Displaying and maintaining SSL ································································································································· 286
Troubleshooting SSL ····················································································································································· 286
SSL handshake failure ········································································································································· 286
TCP attack protection overview ·································································································································· 288
Enabling the SYN Cookie feature ······························································································································ 288
IP source guard configuration ································································································································ 290
IP source guard overview ············································································································································ 290
IP source guard entries ················································································································································ 290
Configuring IPv4 source guard ··································································································································· 291
Configuring IPv6 source guard ··································································································································· 293
Troubleshooting IP source guard ································································································································ 303
ARP attack protection overview ·································································································································· 304
Configuring ARP packet rate limit ····················································································································· 305
Introduction ·························································································································································· 306
Configuration procedure ···································································································································· 306
vii