iii
Configuring NTK ··················································································································································· 92
Configuring intrusion protection ·························································································································· 93
Configuring secure MAC addresses ···························································································································· 94
Configuration prerequisites ·································································································································· 94
Configuration procedure ······································································································································ 94
Ignoring authorization information from the server ···································································································· 95
Displaying and maintaining port security···················································································································· 95
autoLearn configuration example ································································································································· 96
Network requirements··········································································································································· 96
Configuration procedure ······································································································································ 96
Verifying the configuration ··································································································································· 96
userLoginWithOUI configuration example ·················································································································· 97
Network requirements··········································································································································· 97
Configuration procedure ······································································································································ 98
Verifying the configuration ··································································································································· 99
macAddressElseUserLoginSecure configuration example ······················································································· 101
Network requirements········································································································································· 101
Configuration procedure ···································································································································· 101
Verifying the configuration ································································································································· 102
Troubleshooting port security ······································································································································ 104
Cannot set the port security mode ····················································································································· 104
Cannot configure secure MAC addresses ········································································································ 104
Configuring password control································································································································ 105
Overview······································································································································································· 105
Password setting ·················································································································································· 105
Password updating and expiration ··················································································································· 106
User login control ················································································································································ 107
Password not displayed in any form ················································································································· 108
Logging
································································································································································· 108
FIPS compliance ··························································································································································· 108
Password control configuration task list
····················································································································· 108
Enabling password control ········································································································································· 108
Setting global password control parameters ············································································································ 109
Setting user group password control parameters ····································································································· 110
Setting local user password control parameters ······································································································· 110
Setting super password control parameters ·············································································································· 111
Displaying and maintaining password control ········································································································· 112
Password control configuration example ·················································································································· 112
Managing public keys ············································································································································ 115
Overview······································································································································································· 115
FIPS compliance ··························································································································································· 115
Creating a local key pair ············································································································································ 116
Configuration guidelines ···································································································································· 116
Configuration procedure ···································································································································· 116
Distributing a local host public key ···························································································································· 117
Exporting a host public key in a specific format to a file················································································ 117
Displaying a host public key in a specific format and saving it to a file ······················································ 117
Displaying a host public key ······························································································································ 118
Destroying a local key pair ········································································································································· 118
Configuring a peer public key···································································································································· 119
Importing a peer host public key from a public key file·················································································· 119
Entering a peer public key ································································································································· 119
Displaying and maintaining public keys ··················································································································· 120