HPE FlexNetwork 10500 Series Security Configuration Manual page 15

IPv6 uRPF configuration example ················································································································· 548
Configuring MFF ························································································ 550
Overview ························································································································································ 550
Basic concepts ······································································································································· 551
MFF operation mode ······························································································································ 551
MFF working mechanism ······················································································································· 552
Protocols and standards ························································································································ 552
Configuration procedure································································································································· 552
Enabling MFF ········································································································································· 552
Configuring a network port ····················································································································· 552
Enabling periodic gateway probe ··········································································································· 553
Specifying the IP addresses of servers ·································································································· 553
Displaying and maintaining MFF ···················································································································· 553
MFF configuration examples ·························································································································· 554
Manual-mode MFF configuration example in a tree network ································································· 554
Manual-mode MFF configuration example in a ring network ································································· 555
Configuring FIPS ······················································································· 557
Overview ························································································································································ 557
Configuration restrictions and guidelines ······································································································· 557
Configuring FIPS mode ·································································································································· 558
Entering FIPS mode ······························································································································· 558
Configuration changes in FIPS mode ···································································································· 559
Exiting FIPS mode ································································································································· 560
FIPS self-tests ················································································································································ 560
Power-up self-tests ································································································································ 561
Conditional self-tests ······························································································································ 561
Triggering self-tests ································································································································ 562
Displaying and maintaining FIPS ··················································································································· 562
FIPS configuration examples ························································································································· 562
Entering FIPS mode through automatic reboot ······················································································ 562
Entering FIPS mode through manual reboot ·························································································· 563
Exiting FIPS mode through automatic reboot ························································································ 565
Exiting FIPS mode through manual reboot ···························································································· 565
Configuring MACsec ·················································································· 567
Overview ························································································································································ 567
Basic concepts ······································································································································· 567
MACsec services ··································································································································· 567
MACsec applications ······························································································································ 568
MACsec operating mechanism ·············································································································· 568
Protocols and standards ························································································································ 570
Feature and hardware compatibility ··············································································································· 570
General restrictions and guidelines ················································································································ 570
MACsec configuration task list ······················································································································· 571
Enabling MKA ················································································································································ 571
Enabling MACsec desire ································································································································ 572
Configuring a preshared key ·························································································································· 572
Configuring the MKA key server priority ········································································································ 573
Configuring MACsec protection parameters in interface view ······································································· 573
Configuring the MACsec confidentiality offset························································································ 573
Configuring MACsec replay protection··································································································· 574
Configuring the MACsec validation mode ······························································································ 574
Configuring MACsec protection parameters by MKA policy ·········································································· 575
Configuring an MKA policy ····················································································································· 575
Applying an MKA policy ························································································································· 575
Enabling MKA session logging······················································································································· 576
Overview ················································································································································ 576
Configuration restrictions and guidelines ······························································································· 576
Configuration procedure ························································································································· 576
Displaying and maintaining MACsec·············································································································· 576
xiii