H3C Technologies H3C S12500-X Series Switches User Manual
Page 8
iii
Configuring port security ··········································································································································· 89
Overview ········································································································································································· 89
Port security features ············································································································································· 89
Port security modes ··············································································································································· 89
Configuration task list ···················································································································································· 92
Enabling port security ···················································································································································· 93
Setting port security's limit on the number of secure MAC addresses on a port ···················································· 93
Setting the port security mode ······································································································································ 94
Configuring port security features ································································································································ 95
Configuring NTK ··················································································································································· 95
Configuring intrusion protection ·························································································································· 95
Configuring secure MAC addresses ···························································································································· 96
Configuration prerequisites ·································································································································· 96
Configuration procedure ······································································································································ 97
Ignoring authorization information from the server ···································································································· 97
Enabling MAC move ····················································································································································· 97
Displaying and maintaining port security ···················································································································· 98
Port security configuration examples ··························································································································· 98
autoLearn configuration example ························································································································ 98
userLoginWithOUI configuration example ······································································································· 100
macAddressElseUserLoginSecure configuration example ··············································································· 103
Troubleshooting port security ······································································································································ 106
Cannot set the port security mode ····················································································································· 106
Cannot configure secure MAC addresses ········································································································ 106
Configuring password control ································································································································ 107
Overview ······································································································································································· 107
Password setting ·················································································································································· 107
Password updating and expiration ··················································································································· 108
User login control ················································································································································ 109
Password not displayed in any form ················································································································· 109
Logging ································································································································································· 110
FIPS compliance ··························································································································································· 110
Password control configuration task list ····················································································································· 110
Enabling password control ········································································································································· 110
Setting global password control parameters ············································································································ 111
Setting user group password control parameters ····································································································· 112
Setting local user password control parameters ······································································································· 113
Setting super password control parameters ·············································································································· 114
Displaying and maintaining password control ········································································································· 114
Password control configuration example ·················································································································· 115
Network requirements ········································································································································· 115
Configuration procedure ···································································································································· 115
Verifying the configuration ································································································································· 116
Managing public keys ············································································································································ 118
Overview ······································································································································································· 118
FIPS compliance ··························································································································································· 118
Creating a local key pair ············································································································································ 119
Configuration guidelines ···································································································································· 119
Configuration procedure ···································································································································· 119
Distributing a local host public key ···························································································································· 120
Exporting a host public key in a specific format to a file ················································································ 120
Displaying a host public key in a specific format and saving it to a file ······················································ 121
Displaying a host public key ······························································································································ 121