HPE Moonshot 45Gc Security Configuration Manual page 10

Specifying public key algorithms for SSH2 ···························································································· 345
Specifying encryption algorithms for SSH2 ···························································································· 345
Specifying MAC algorithms for SSH2 ···································································································· 346
Displaying and maintaining SSH ···················································································································· 346
Stelnet configuration examples ······················································································································ 346
Password authentication enabled Stelnet server configuration example ··············································· 346
Publickey authentication enabled Stelnet server configuration example ··············································· 349
Password authentication enabled Stelnet client configuration example ················································ 354
Publickey authentication enabled Stelnet client configuration example ················································· 358
Stelnet configuration example based on 128-bit Suite B algorithms ······················································ 360
SFTP configuration examples ························································································································ 364
Password authentication enabled SFTP server configuration example ················································· 364
Publickey authentication enabled SFTP client configuration example ··················································· 366
SFTP configuration example based on 192-bit Suite B algorithms ························································ 370
SCP configuration examples ·························································································································· 374
SCP configuration example with password authentication ···································································· 374
SCP configuration example based on Suite B algorithms ······································································ 376
NETCONF over SSH configuration example with password authentication ·················································· 382
Network requirements ···························································································································· 383
Configuration procedure ························································································································· 383
Verifying the configuration ······················································································································ 384
Configuring SSL ·························································································· 385
Overview ························································································································································ 385
SSL security services ····························································································································· 385
SSL protocol stack ································································································································· 385
FIPS compliance ············································································································································ 386
SSL configuration task list ······························································································································ 386
Configuring an SSL server policy ··················································································································· 386
Configuring an SSL client policy ···················································································································· 388
Displaying and maintaining SSL ···················································································································· 390
Configuring IP source guard ······································································· 391
Overview ························································································································································ 391
Static IPSG bindings ······························································································································ 391
Dynamic IPSG bindings ························································································································· 392
IPSG configuration task list ···························································································································· 392
Configuring the IPv4SG feature ····················································································································· 393
Enabling IPv4SG on an interface ··········································································································· 393
Configuring a static IPv4SG binding ······································································································ 393
Configuring the IPv6SG feature ····················································································································· 394
Enabling IPv6SG on an interface ··········································································································· 394
Configuring a static IPv6SG binding ······································································································ 395
Displaying and maintaining IPSG ·················································································································· 396
IPSG configuration examples ························································································································ 396
Static IPv4SG configuration example ····································································································· 396
Dynamic IPv4SG using DHCP snooping configuration example ··························································· 397
Dynamic IPv4SG using DHCP relay configuration example ·································································· 398
Static IPv6SG configuration example ····································································································· 399
Dynamic IPv6SG using DHCPv6 snooping configuration example ······················································· 400
Configuring ARP attack protection ······························································ 402
ARP attack protection configuration task list ·································································································· 402
Configuring unresolvable IP attack protection ······························································································· 402
Configuring ARP source suppression ···································································································· 403
Configuring ARP blackhole routing ········································································································ 403
Displaying and maintaining unresolvable IP attack protection ······························································· 403
Configuration example ··························································································································· 404
Configuring ARP packet rate limit ·················································································································· 404
Configuration guidelines ························································································································· 405
Configuration procedure ························································································································· 405
Configuring source MAC-based ARP attack detection ·················································································· 405
viii