HPE FlexFabric 5940 SERIES

To Next Page

To Previous Page

SFTP configuration examples ························································································································ 398

Password authentication enabled SFTP server configuration example ················································· 398

Publickey authentication enabled SFTP client configuration example ··················································· 401

SFTP configuration example based on 192-bit Suite B algorithms ························································ 404

SCP configuration examples ·························································································································· 408

SCP configuration example with password authentication ···································································· 408

SCP configuration example based on Suite B algorithms ······································································ 409

NETCONF over SSH configuration example with password authentication ·················································· 416

Network requirements ···························································································································· 416

Verifying the configuration ······················································································································ 418

Configuring SSL ·························································································· 419

Overview ························································································································································ 419

SSL security services ····························································································································· 419

SSL protocol stack ································································································································· 419

FIPS compliance ············································································································································ 420

SSL configuration task list ······························································································································ 420

Configuring an SSL server policy ··················································································································· 420

Configuring an SSL client policy ···················································································································· 422

Displaying and maintaining SSL ···················································································································· 424

Configuring attack detection and prevention ··············································· 425

Attacks that the device can prevent ··············································································································· 425

Single-packet attacks ····························································································································· 425

Scanning attacks ···································································································································· 426

Flood attacks ·········································································································································· 427

TCP fragment attack ······························································································································ 428

Login dictionary attack ··························································································································· 428

Attack detection and prevention configuration task list ·················································································· 428

Configuring an attack defense policy ············································································································· 429

Creating an attack defense policy ·········································································································· 429

Configuring a single-packet attack defense policy ················································································· 429

Configuring a scanning attack defense policy ························································································ 430

Configuring a flood attack defense policy ······························································································ 431

Configuring attack detection exemption ································································································· 435

Applying an attack defense policy to the device ···················································································· 435

Enabling log non-aggregation for single-packet attack events ······························································· 436

Configuring TCP fragment attack prevention ································································································· 436

Enabling the login delay ································································································································· 437

Displaying and maintaining attack detection and prevention ········································································· 437

Attack detection and prevention configuration examples ··············································································· 438

Attack defense policy device application configuration example ··························································· 438

Configuring TCP attack prevention ····························································· 442

Configuring Naptha attack prevention ············································································································ 442

Configuring IP source guard ······································································· 443

Static IPSG bindings ······························································································································ 443

Dynamic IPSG bindings ························································································································· 444

IPSG configuration task list ···························································································································· 444

Configuring the IPv4SG feature ····················································································································· 445

Enabling IPv4SG on an interface ··········································································································· 445

Configuring a static IPv4SG binding ······································································································ 445

Configuring the IPv6SG feature ····················································································································· 446

Enabling IPv6SG on an interface ··········································································································· 446

Configuring a static IPv6SG binding ······································································································ 447

Displaying and maintaining IPSG ·················································································································· 447

IPSG configuration examples ························································································································ 448

Static IPv4SG configuration example ····································································································· 448