HPE FlexNetwork 5510 HI Series Security Configuration Manual page 10

Specifying algorithms for SSH2 ································································································· 351
Specifying key exchange algorithms for SSH2 ······································································· 352
Specifying public key algorithms for SSH2 ············································································ 352
Specifying encryption algorithms for SSH2 ············································································ 352
Specifying MAC algorithms for SSH2 ··················································································· 353
Displaying and maintaining SSH ······························································································· 353
Stelnet configuration examples ································································································· 353
Password authentication enabled Stelnet server configuration example ······································ 354
Publickey authentication enabled Stelnet server configuration example······································· 356
Password authentication enabled Stelnet client configuration example ······································· 362
Publickey authentication enabled Stelnet client configuration example ········································ 365
Stelnet configuration example based on 128-bit Suite B algorithms ············································ 367
SFTP configuration examples ··································································································· 371
Password authentication enabled SFTP server configuration example ········································ 372
Publickey authentication enabled SFTP client configuration example ········································· 374
SFTP configuration example based on 192-bit Suite B algorithms ·············································· 377
SCP configuration examples ···································································································· 381
SCP file transfer with password authentication ······································································· 381
SCP configuration example based on Suite B algorithms ························································· 383
NETCONF over SSH configuration example with password authentication ········································· 390
Network requirements ······································································································ 390
Configuration procedure ··································································································· 391
Verifying the configuration ································································································· 392
Configuring SSL ··········································································· 393
Overview ······························································································································ 393
SSL security services ······································································································· 393
SSL protocol stack ··········································································································· 393
FIPS compliance···················································································································· 394
SSL configuration task list ········································································································ 394
Configuring an SSL server policy ······························································································· 394
Configuring an SSL client policy ································································································ 397
Displaying and maintaining SSL ································································································ 399
Configuring IP source guard ··························································· 400
Overview ······························································································································ 400
Static IPSG bindings ········································································································ 400
Dynamic IPSG bindings ···································································································· 401
IPSG configuration task list ······································································································ 401
Configuring the IPv4SG feature ································································································· 402
Enabling IPv4SG on an interface ························································································ 402
Configuring a static IPv4SG binding ···················································································· 402
Configuring the IPv6SG feature ································································································· 403
Enabling IPv6SG on an interface ························································································ 403
Configuring a static IPv6SG binding ···················································································· 404
Displaying and maintaining IPSG ······························································································ 405
IPSG configuration examples ··································································································· 405
Static IPv4SG configuration example ··················································································· 405
Dynamic IPv4SG using DHCP snooping configuration example ················································ 406
Dynamic IPv4SG using DHCP relay agent configuration example ·············································· 407
Static IPv6SG configuration example ··················································································· 408
Dynamic IPv6SG using DHCPv6 snooping configuration example ············································· 409
Configuring ARP attack protection ··················································· 411
ARP attack protection configuration task list ················································································ 411
Configuring unresolvable IP attack protection ··············································································· 411
Configuring ARP source suppression ··················································································· 412
Configuring ARP blackhole routing ······················································································ 412
Displaying and maintaining unresolvable IP attack protection ···················································· 412
Configuration example ······································································································ 413
Configuring ARP packet rate limit ······························································································ 413
Configuration guidelines ··································································································· 414
viii