iv
Cannot configure secure MAC addresses ········································································································ 132
Cannot change port security mode when a user is online·············································································· 133
Configuring a user profile ······································································································································ 134
Overview······································································································································································· 134
User profile configuration task list ······························································································································ 134
Creating a user profile ················································································································································ 134
Applying a QoS policy ··············································································································································· 135
Enabling a user profile ················································································································································ 135
Displaying and maintaining user profiles ·················································································································· 136
Configuring password control································································································································ 137
Overview······································································································································································· 137
Password control configuration task list
····················································································································· 139
Configuring password control ···································································································································· 140
Enabling password control
································································································································· 140
Setting global password control parameters
···································································································· 141
Setting user group password control parameters ···························································································· 142
Setting local user password control parameters ······························································································ 142
Setting super password control parameters ····································································································· 143
Setting a local user password in interactive mode ·························································································· 144
Displaying and maintaining password control ········································································································· 144
Password control configuration example ·················································································································· 144
Managing public keys ············································································································································ 147
Overview······································································································································································· 147
Configuration task list ·················································································································································· 147
Creating a local asymmetric key pair
························································································································ 148
Displaying or exporting the local host public key ···································································································· 148
Destroying a local asymmetric key pair ···················································································································· 150
Specifying the peer public key on the local device·································································································· 150
Displaying and maintaining public keys ··················································································································· 151
Public key configuration examples ····························································································································· 151
Manually specifying the peer public key on the local device ········································································ 151
Importing a peer public key from a public key file·························································································· 153
Configuring PKI ······················································································································································· 156
Overview······································································································································································· 156
PKI terms ······························································································································································· 156
PKI architecture ···················································································································································· 157
PKI operation ······················································································································································· 157
PKI applications ··················································································································································· 158
PKI configuration task list ············································································································································ 158
Configuring an entity DN
············································································································································ 159
Configuring a PKI domain··········································································································································· 160
Configuration guidelines ···································································································································· 161
Configuration procedure ···································································································································· 161
Submitting a PKI certificate request ···························································································································· 161
Submitting a certificate request in auto mode ·································································································· 162
Submitting a certificate request in manual mode ····························································································· 162
Retrieving a certificate manually ································································································································ 163
Configuration guidelines ···································································································································· 163
Configuration procedure ···································································································································· 164
Configuring PKI certificate verification ······················································································································ 164
Configuration guidelines ···································································································································· 164
Configuring CRL-checking-enabled PKI certificate verification ······································································· 164