HPE FlexNetwork 7500 Series Security Configuration Manual page 11
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (597 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
TCP fragment attack ······························································································································ 390
Login DoS attack ···································································································································· 390
Login dictionary attack ··························································································································· 390
Blacklist feature ·············································································································································· 390
Attack detection and prevention configuration task list ·················································································· 391
Configuring an attack defense policy ············································································································· 391
Creating an attack defense policy ·········································································································· 391
Configuring a single-packet attack defense policy ················································································· 391
Configuring a scanning attack defense policy ························································································ 393
Configuring a flood attack defense policy ······························································································ 393
Configuring attack detection exemption ································································································· 398
Applying an attack defense policy to an interface ·················································································· 398
Applying an attack defense policy to the device ···················································································· 399
Enabling log non-aggregation for single-packet attack events ······························································· 399
Configuring TCP fragment attack prevention ································································································· 400
Configuring the IP blacklist feature ················································································································ 400
Configuring login attack prevention ················································································································ 401
Enabling the login delay ································································································································· 401
Displaying and maintaining attack detection and prevention ········································································· 402
Attack detection and prevention configuration examples ··············································································· 404
Interface-based attack detection and prevention configuration example ··············································· 404
IP blacklist configuration example ·········································································································· 407
Configuring MACsec ··················································································· 409
Overview ························································································································································ 409
Basic concepts ······································································································································· 409
MACsec services ··································································································································· 409
MACsec applications ······························································································································ 410
MACsec operating mechanism ·············································································································· 410
Protocols and standards ························································································································ 412
Feature and hardware compatibility ··············································································································· 412
General restrictions and guidelines ················································································································ 412
MACsec configuration task list ······················································································································· 413
Enabling MKA ················································································································································ 413
Enabling MACsec desire ································································································································ 413
Configuring a preshared key ·························································································································· 414
Configuring the MKA key server priority ········································································································ 414
Configuring MACsec protection parameters in interface view ······································································· 415
Configuring the MACsec confidentiality offset ························································································ 415
Configuring MACsec replay protection ··································································································· 415
Configuring the MACsec validation mode ······························································································ 416
Configuring MACsec protection parameters by MKA policy ·········································································· 416
Configuring an MKA policy ····················································································································· 416
Applying an MKA policy ························································································································· 417
Displaying and maintaining MACsec ············································································································· 417
Device-oriented MACsec configuration example ··························································································· 418
Network requirements ···························································································································· 418
Configuration procedure ························································································································· 418
Verifying the configuration ······················································································································ 419
Troubleshooting MACsec ······························································································································· 421
Configuring MFF ························································································· 422
Overview ························································································································································ 422
Basic concepts ······································································································································· 423
MFF operation modes ···························································································································· 423
MFF working mechanism ······················································································································· 424
Protocols and standards ························································································································ 424
Configuring MFF ············································································································································ 424
Enabling MFF ········································································································································· 424
Configuring a network port ····················································································································· 425
Enabling periodic gateway probe ··········································································································· 425
Specifying the IP addresses of servers ·································································································· 425
ix
Advertisement
Table of Contents
Troubleshooting
