H3C S5830V2 series, Руководство по настройке безопасности, Страница: 313 / 332

299
need to know. Use NTK
negotiating
security IPsec IKE negotiation, 264
security IPsec IKE negotiation mode, 242
network
IPv4 source guard dynamic binding entries, 203
port security feature configuration, 92
port security features, 86
port security intrusion protection
configuration, 92
port security MAC address learning control, 88
port security mode, 86 , 91
port security NTK configuration, 92
port security secure MAC address
configuration,
93
port security secure MAC address port limit, 90
security 802.1X access control method, 70
security 802.1X architecture, 59
security 802.1X authentication request max
number attempts, 71
security 802.1X authentication server timeout
timer, 71
security 802.1X authentication trigger
function,
72
security 802.1X authorization state, 70
security 802.1X EAP relay authentication, 64
security 802.1X EAP relay enable, 69
security 802.1X EAP termination enable, 69
security 802.1X online user handshake
function, 72
security 802.1X periodic online user
re-authentication,
74
security 802.1X port max number users, 70
security AAA device implementation, 11
security AAA HWTACACS implementation, 7
security AAA HWTACACS scheme
configuration, 30
security AAA ISP domain accounting methods
configuration, 43
security AAA ISP domain authentication
methods configuration,
41
security AAA ISP domain authorization
methods,
42
security AAA ISP domain creation, 40
security AAA ISP domain methods
configuration, 39
security AAA ISP domain status configuration, 40
security AAA LDAP implementation, 9
security AAA LDAP scheme configuration, 36
security AAA local user configuration, 18
security AAA MPLS L3VPN implementation, 13
security AAA network access user configuration, 18
security AAA RADIUS implementation, 2
security AAA RADIUS scheme configuration, 22
security AAA scheme configuration, 18
security ARP active acknowledgement, 218
security ARP attack protection (unresolvable IP
attack), 212
security ARP automatic scanning, 222
security ARP blackhole routing, 213
security ARP detection configuration, 218
security ARP filtering, 224 , 225
security ARP gateway protection, 223 , 224
security ARP packet rate limit configuration, 214
security ARP packet source MAC consistency
check, 218
security ARP packet validity check, 219
security ARP restricted forwarding, 220
security ARP source MAC-based attack
detection, 215 , 216
security ARP source suppression, 213
security ARP unresolvable IP attack protection, 213
security ARP user validity check, 218
security ARP user/packet validity check, 221
security fixed ARP configuration, 222
security IP source guard static binding entry, 202
security IPsec ACL configuration, 245
security IPsec ACL de-encapsulated packet
check, 254
security IPsec ACL-based implementation, 243 , 244
security IPsec anti-replay configuration, 254
security IPsec implementation, 243
security IPsec packet DF bit, 256
security IPsec packet logging enable, 256
security IPsec policy application to interface, 253
security IPsec policy configuration (IKE-based), 250
security IPsec policy configuration
(IKE-based/direct), 250
security IPsec policy configuration
(IKE-based/template), 251
security IPsec policy configuration (manual), 248
security IPsec QoS pre-classify enable, 256