SFTP server configuration example ···························································································································· 209
Configuring SCP······················································································································································ 212
Overview······································································································································································· 212
Configuring the switch as an SCP server ·················································································································· 212
Configuring the switch as the SCP client ··················································································································· 213
SCP client configuration example······················································································································ 213
SCP server configuration example ···················································································································· 214
Configuring SSL······················································································································································· 216
Overview······································································································································································· 216
SSL security mechanism ······································································································································ 216
SSL protocol stack ··············································································································································· 216
Configuration task list ·················································································································································· 217
Configuring an SSL server policy ······························································································································· 217
SSL server policy configuration example ·········································································································· 219
Configuring an SSL client policy ································································································································ 220
Displaying and maintaining SSL································································································································· 221
Troubleshooting SSL ····················································································································································· 221
Configuring TCP attack protection ························································································································· 223
Overview······································································································································································· 223
Enabling the SYN Cookie feature ······························································································································ 223
Displaying and maintaining TCP attack protection ·································································································· 223
Configuring IP source guard ·································································································································· 225
Overview······································································································································································· 225
Static IP source guard entries ····························································································································· 225
Dynamic IP source guard entries ······················································································································· 225
Configuration task list ·················································································································································· 226
Configuring the IPv4 source guard function ·············································································································· 226
Configuring IPv4 source guard on a port ········································································································· 226
Configuring a static IPv4 source guard entry ··································································································· 227
Setting the maximum number of IPv4 source guard entries ············································································ 228
Displaying and maintaining IP source guard ············································································································ 228
IP source guard configuration examples ··················································································································· 228
Static IPv4 source guard configuration example ····························································································· 228
Dynamic IPv4 source guard using DHCP snooping configuration example ················································· 230
Dynamic IPv4 source guard using DHCP relay configuration example ························································ 232
Troubleshooting IP source guard ································································································································ 233
Configuring ARP attack protection························································································································· 234
Overview······································································································································································· 234
ARP attack protection configuration task list ············································································································· 234
Configuring ARP defense against IP packet attacks ································································································· 235
Configuring ARP source suppression ················································································································ 235
Enabling ARP black hole routing ······················································································································· 235
Displaying and maintaining ARP defense against IP packet attacks ····························································· 236
Configuration example ······································································································································· 236
Configuring ARP packet rate limit ······························································································································ 237
Introduction ·························································································································································· 237
Configuration procedure ···································································································································· 237
Configuring source MAC address based ARP attack detection ············································································· 238
Configuration procedure ···································································································································· 238
Displaying and maintaining source MAC address based ARP attack detection·········································· 238
Configuration example ······································································································································· 239
Configuring ARP packet source MAC address consistency check ········································································· 240