HP 3600 v2 Series Security Configuration Manual page 9

SFTP client configuration example ····························································································································· 300
SFTP server configuration example ···························································································································· 303
SSL configuration ···················································································································································· 306
SSL overview ································································································································································· 306
SSL security mechanism ······································································································································ 306
SSL protocol stack ··············································································································································· 307
SSL configuration task list ············································································································································ 307
Configuring an SSL server policy ······························································································································· 307
Configuration prerequisites ································································································································ 307
Configuration procedure ···································································································································· 308
SSL server policy configuration example ·········································································································· 309
Configuring an SSL client policy ································································································································ 310
Configuration prerequisites ································································································································ 311
Configuration procedure ···································································································································· 311
Displaying and maintaining SSL ································································································································· 311
Troubleshooting SSL ····················································································································································· 312
SSL handshake failure ········································································································································· 312
TCP attack protection configuration ······················································································································· 313
TCP attack protection overview ·································································································································· 313
Enabling the SYN Cookie feature ······························································································································ 313
Displaying and maintaining TCP attack protection ·································································································· 314
IP source guard configuration ································································································································ 315
IP source guard overview ············································································································································ 315
Static IP source guard binding entries ··············································································································· 315
Dynamic IP source guard binding entries ········································································································· 316
IP source guard configuration task list ······················································································································· 316
Configuring the IPv4 source guard function ·············································································································· 316
Configuring IPv4 source guard on a port ········································································································· 316
Configuring a static IPv4 source guard binding entry ····················································································· 317
Setting the maximum number of IPv4 source guard binding entries ····························································· 318
Configuring the IPv6 source guard function ·············································································································· 318
Configuring IPv6 source guard on a port ········································································································· 319
Configuring a static IPv6 source guard binding entry ····················································································· 319
Setting the maximum number of IPv6 source guard binding entries ····························································· 320
Displaying and maintaining IP source guard ············································································································ 320
IP source guard configuration examples ··················································································································· 321
Static IPv4 source guard binding entry configuration example ····································································· 321
Dynamic IPv4 source guard binding by DHCP snooping configuration example ······································· 323
Dynamic IPv4 source guard binding by DHCP relay configuration example ··············································· 324
Static IPv6 source guard binding entry configuration example ····································································· 325
Dynamic IPv6 source guard binding by DHCPv6 snooping configuration example ··································· 326
Dynamic IPv6 source guard binding by ND snooping configuration example ············································ 328
Troubleshooting IP source guard ································································································································ 329
Neither static binding entries nor the dynamic binding function can be configured ··································· 329
ARP attack protection configuration ······················································································································ 330
ARP attack protection overview ·································································································································· 330
ARP attack protection configuration task list ············································································································· 330
Configuring ARP defense against IP packet attacks ································································································· 331
Introduction ·························································································································································· 331
Configuring ARP source suppression ················································································································ 331
Enabling ARP black hole routing ······················································································································· 332
Displaying and maintaining ARP defense against IP packet attacks ····························································· 332
vii