vii
SFTP client configuration example ····························································································································· 300
SFTP server configuration example ···························································································································· 303
SSL configuration ···················································································································································· 306
SSL overview ································································································································································· 306
SSL security mechanism ······································································································································ 306
SSL protocol stack ··············································································································································· 307
SSL configuration task list ············································································································································ 307
Configuring an SSL server policy ······························································································································· 307
Configuration prerequisites ································································································································ 307
Configuration procedure ···································································································································· 308
SSL server policy configuration example ·········································································································· 309
Configuring an SSL client policy ································································································································ 310
Configuration prerequisites ································································································································ 311
Configuration procedure ···································································································································· 311
Displaying and maintaining SSL ································································································································· 311
Troubleshooting SSL ····················································································································································· 312
SSL handshake failure ········································································································································· 312
TCP attack protection configuration ······················································································································· 313
TCP attack protection overview ·································································································································· 313
Enabling the SYN Cookie feature ······························································································································ 313
Displaying and maintaining TCP attack protection ·································································································· 314
IP source guard configuration ································································································································ 315
IP source guard overview ············································································································································ 315
Static IP source guard binding entries ··············································································································· 315
Dynamic IP source guard binding entries ········································································································· 316
IP source guard configuration task list ······················································································································· 316
Configuring the IPv4 source guard function ·············································································································· 316
Configuring IPv4 source guard on a port ········································································································· 316
Configuring a static IPv4 source guard binding entry ····················································································· 317
Setting the maximum number of IPv4 source guard binding entries ····························································· 318
Configuring the IPv6 source guard function ·············································································································· 318
Configuring IPv6 source guard on a port ········································································································· 319
Configuring a static IPv6 source guard binding entry ····················································································· 319
Setting the maximum number of IPv6 source guard binding entries ····························································· 320
Displaying and maintaining IP source guard ············································································································ 320
IP source guard configuration examples ··················································································································· 321
Static IPv4 source guard binding entry configuration example ····································································· 321
Dynamic IPv4 source guard binding by DHCP snooping configuration example ······································· 323
Dynamic IPv4 source guard binding by DHCP relay configuration example ··············································· 324
Static IPv6 source guard binding entry configuration example ····································································· 325
Dynamic IPv6 source guard binding by DHCPv6 snooping configuration example ··································· 326
Dynamic IPv6 source guard binding by ND snooping configuration example ············································ 328
Troubleshooting IP source guard ································································································································ 329
Neither static binding entries nor the dynamic binding function can be configured ··································· 329
ARP attack protection configuration ······················································································································ 330
ARP attack protection overview ·································································································································· 330
ARP attack protection configuration task list ············································································································· 330
Configuring ARP defense against IP packet attacks ································································································· 331
Introduction ·························································································································································· 331
Configuring ARP source suppression ················································································································ 331
Enabling ARP black hole routing ······················································································································· 332
Displaying and maintaining ARP defense against IP packet attacks ····························································· 332
To Next Page
Loading...
Need help?
General