HPE FlexNetwork 10500 Series Security Configuration Manual page 8

Enabling port security····································································································································· 244
Setting port security's limit on the number of secure MAC addresses on a port ············································ 244
Setting the port security mode ······················································································································· 245
Configuring port security features ·················································································································· 246
Configuring NTK ····································································································································· 246
Configuring intrusion protection ············································································································· 247
Configuring secure MAC addresses ·············································································································· 248
Configuration prerequisites ···················································································································· 248
Configuration procedure ························································································································· 249
Setting port security's limit on the number of MAC addresses for specific VLANs on a port ························· 249
Overview ················································································································································ 249
Configuration restrictions and guidelines ······························································································· 250
Configuration procedure ························································································································· 250
Ignoring authorization information from the server························································································· 250
Enabling MAC move ······································································································································ 250
Enabling the authorization-fail-offline feature ································································································· 251
Overview ················································································································································ 251
Configuration prerequisites ···················································································································· 251
Configuration procedure ························································································································· 251
Enabling open authentication mode ··············································································································· 251
Overview ················································································································································ 251
Configuration restrictions and guidelines ······························································································· 252
Configuration procedure ························································································································· 252
Configuring free VLANs for port security········································································································ 252
Applying a NAS-ID profile to port security ······································································································ 253
Enabling SNMP notifications for port security ································································································ 253
Enabling logging for port security users ········································································································· 254
Overview ················································································································································ 254
Configuration restrictions and guidelines ······························································································· 254
Configuration procedure ························································································································· 254
Displaying and maintaining port security········································································································ 254
Port security configuration examples ············································································································· 255
autoLearn configuration example ··········································································································· 255
userLoginWithOUI configuration example······························································································ 257
macAddressElseUserLoginSecure configuration example ···································································· 259
Troubleshooting port security ························································································································· 263
Cannot set the port security mode ········································································································· 263
Cannot configure secure MAC addresses ····························································································· 264
Configuring password control ···································································· 265
Overview ························································································································································ 265
Password setting ···································································································································· 265
Password updating and expiration ········································································································· 266
User login control ··································································································································· 267
Password not displayed in any form ······································································································ 268
Logging ·················································································································································· 268
FIPS compliance ············································································································································ 268
Password control configuration task list ········································································································· 268
Enabling password control ····························································································································· 269
Setting global password control parameters ·································································································· 269
Setting user group password control parameters ·························································································· 270
Setting local user password control parameters ···························································································· 271
Setting super password control parameters··································································································· 272
Displaying and maintaining password control ································································································ 273
Password control configuration example ······································································································· 273
Network requirements ···························································································································· 273
Configuration procedure ························································································································· 274
Verifying the configuration ······················································································································ 275
Configuring keychains ··············································································· 276
Overview ························································································································································ 276
Configuration procedure································································································································· 276
vi