H3C S5830V2 series, Security Configuration Manual, Page: 309 / 332

295
security ARP unresolvable IP attack protection
(displaying), 213
security ARP unresolvable IP attack protection
(source suppression), 213
security uRPF configuration, 227 , 230 , 231
IP addressing
security AAA HWTACACS outgoing packet
source IP address, 34
security AAA LDAP server IP address
configuration, 37
security AAA RADIUS outgoing packet source IP
address, 27
security AAA RADIUS security policy server IP
address configuration,
29
security ARP attack protection
configuration, 212
security ARP filtering configuration, 225
security ARP gateway protection, 224
security ARP user/packet validity check, 221
security SSH SFTP client source IP
address/interface, 171
security SSH Stelnet client source IP
address, 168
IP source guard
configuration, 202 , 203 , 206
displaying, 206
IPv4. See IPv4 source guard
IPv6. See IPv6 source guard
maintaining, 206
static binding entry, 202
ip validity check (ARP), 219
IPsec
ACL configuration, 245
ACL de-encapsulated packet check, 254
ACL IPsec anti-replay configuration, 254
ACL rule keywords, 245
ACL-based implementation, 244
ACL-based IPsec, 243
authentication, 243
authentication algorithms, 243
configuration, 240 , 258
configuration restrictions, 248
displaying, 257
encapsulation modes, 241
encryption, 243
encryption algorithms, 243
FIPS compliance, 244
IKE configuration, 264 , 266
IKE configuration (main mode/pre-shared key
authentication),
275
IKE DPD configuration, 273
IKE global identity information configuration, 271
IKE identity authentication, 265
IKE invalid SPI recovery, 273
IKE keepalive function configuration, 272
IKE keychain configuration, 270
IKE NAT keepalive function configuration, 272
IKE negotiation, 264
IKE negotiation failure (no proposal or keychain
referenced correctly), 278
IKE negotiation failure troubleshooting (no proposal
match), 278
IKE negotiation mode, 242
IKE profile configuration, 267
IKE proposal configuration, 269
IKE SA max number, 274
IKE security mechanism, 265
IKE troubleshooting, 278
IKE-based tunnel for IPv4 packets configuration, 261
implementation, 243
maintaining, 257
mirror image ACLs, 246
non-mirror image ACLs, 246
packet DF bit configuration, 256
packet logging enable, 256
policy application to interface, 253
policy configuration (IKE-based), 250
policy configuration (IKE-based/direct), 250
policy configuration (IKE-based/template), 251
policy configuration (manual), 248
policy configuration restrictions, 250
protocols and standards, 244
QoS pre-classify enable, 256
SA, 242
SA negotiation failure (invalid identity info), 279
SA negotiation failure (no transform set match), 279
security PKI configuration, 125 , 128 , 139
security protocols, 241
source interface policy bind, 255
transform set configuration, 246
tunnel establishment, 244