beautypg.com
Manuals
Brands
HP Manuals
Switch
5120 SI Series
HP 5120 SI Series Manuals
Manuals and User Guides for HP 5120 SI Series. We have
4
HP 5120 SI Series manuals available for free PDF download: Command Reference Manual, Security Configuration Manual, Installation Manual, Specification
HP 5120 SI Series Command Reference Manual (395 pages)
Brand:
HP
| Category:
Switch
| Size: 1.92 MB
Table of Contents
Command Reference
1
Table of Contents
3
AAA Configuration Commands
12
General AAA Configuration Commands
12
Aaa Nas-ID Profile
12
Access-Limit Enable
12
Accounting Command
13
Accounting Default
14
Accounting Lan-Access
15
Accounting Login
15
Accounting Optional
16
Accounting Portal
17
Authentication Default
18
Authentication Lan-Access
19
Authentication Login
19
Authentication Portal
20
Authentication Super
21
Authorization Command
22
Authorization Default
23
Authorization Lan-Access
24
Authorization Login
25
Authorization Portal
26
Authorization-Attribute User-Profile
26
Cut Connection
27
Display Connection
28
Display Domain
31
Domain
32
Domain Default Enable
33
Idle-Cut Enable
34
Nas-ID Bind Vlan
35
Self-Service-Url Enable
35
State
36
Local User Configuration Commands
37
Access-Limit
37
Authorization-Attribute (Local User View/User Group View)
38
Bind-Attribute
39
Display Local-User
40
Display User-Group
42
Expiration-Date (Local User View)
43
Group
44
Local-User
44
Password
45
Service-Type
46
State(Local User View)
47
User-Group
48
RADIUS Configuration Commands
49
Accounting-On Enable
49
Attribute 25 Car
50
Data-Flow-Format (RADIUS Scheme View)
50
Display Radius Scheme
51
Display Radius Statistics
54
Display Stop-Accounting-Buffer
57
Key (RADIUS Scheme View)
58
Nas-Ip (RADIUS Scheme View)
59
Primary Accounting (RADIUS Scheme View)
60
Primary Authentication (RADIUS Scheme View)
61
Radius Client
63
Radius Nas-Ip
64
Radius Scheme
65
Radius Trap
66
Reset Radius Statistics
67
Reset Stop-Accounting-Buffer
67
Retry
68
Retry Realtime-Accounting
69
Retry Stop-Accounting (RADIUS Scheme View)
70
Secondary Accounting (RADIUS Scheme View)
70
Secondary Authentication (RADIUS Scheme View)
72
Security-Policy-Server
74
Server-Type
75
State Primary
76
State Secondary
76
Stop-Accounting-Buffer Enable (RADIUS Scheme View)
77
Timer Quiet (RADIUS Scheme View)
78
Timer Realtime-Accounting (RADIUS Scheme View)
79
Timer Response-Timeout (RADIUS Scheme View)
80
User-Name-Format (RADIUS Scheme View)
80
HWTACACS Configuration Commands
81
Data-Flow-Format (HWTACACS Scheme View)
81
Display Hwtacacs
82
Display Stop-Accounting-Buffer
85
Hwtacacs Nas-Ip
85
Hwtacacs Scheme
86
Key (HWTACACS Scheme View)
87
Nas-Ip (HWTACACS Scheme View)
88
Primary Accounting (HWTACACS Scheme View)
89
Primary Authentication (HWTACACS Scheme View)
90
Primary Authorization
91
Reset Hwtacacs Statistics
92
Reset Stop-Accounting-Buffer
93
Retry Stop-Accounting (HWTACACS Scheme View)
93
Secondary Accounting (HWTACACS Scheme View)
94
Secondary Authentication (HWTACACS Scheme View)
95
Secondary Authorization
96
Stop-Accounting-Buffer Enable (HWTACACS Scheme View)
98
Timer Quiet (HWTACACS Scheme View)
98
Timer Realtime-Accounting (HWTACACS Scheme View)
99
Timer Response-Timeout (HWTACACS Scheme View)
100
User-Name-Format (HWTACACS Scheme View)
100
802.1X Configuration Commands
102
Display Dot1X
102
Dot1X
105
Dot1X Authentication-Method
106
Dot1X Auth-Fail Vlan
107
Dot1X Critical Vlan
108
Dot1X Critical Recovery-Action
109
Dot1X Domain-Delimiter
110
Dot1X Guest-Vlan
111
Dot1X Handshake
112
Dot1X Handshake Secure
113
Dot1X Mandatory-Domain
113
Dot1X Max-User
114
Dot1X Multicast-Trigger
116
Dot1X Port-Control
116
Dot1X Port-Method
117
Dot1X Quiet-Period
118
Dot1X Re-Authenticate
119
Dot1X Retry
120
Dot1X Timer
121
Dot1X Unicast-Trigger
122
Reset Dot1X Statistics
123
EAD Fast Deployment Configuration Commands
124
Dot1X Free-Ip
124
Dot1X Timer Ead-Timeout
124
Dot1X Url
125
MAC Authentication Configuration Commands
127
Display Mac-Authentication
127
Mac-Authentication
129
Mac-Authentication Critical Vlan
130
Mac-Authentication Domain
131
Mac-Authentication Guest-Vlan
132
Mac-Authentication Max-User
133
Mac-Authentication Timer
133
Mac-Authentication User-Name-Format
134
Reset Mac-Authentication Statistics
135
Portal Configuration Commands
137
Display Portal Acl
137
Display Portal Connection Statistics
140
Display Portal Free-Rule
143
Display Portal Interface
145
Display Portal Local-Server
146
Display Portal Server
147
Display Portal Server Statistics
148
Display Portal Tcp-Cheat Statistics
150
Display Portal User
152
Portal Auth-Fail Vlan
153
Portal Auth-Network
154
Portal Delete-User
155
Portal Domain
155
Portal Free-Rule
156
Portal Local-Server
157
Portal Local-Server Enable
158
Portal Local-Server Ip
159
Portal Max-User
160
Portal Move-Mode Auto
160
Portal Nas-ID-Profile
161
Portal Nas-Ip
162
Portal Nas-Port-Type
162
Portal Offline-Detect Interval
163
Portal Redirect-Url
164
Portal Server
165
Portal Server Banner
166
Portal Server Method
166
Portal Server Server-Detect
167
Portal Server User-Sync
169
Portal Web-Proxy Port
170
Reset Portal Connection Statistics
171
Reset Portal Server Statistics
172
Reset Portal Tcp-Cheat Statistics
172
Port Security Configuration Commands
173
Display Port-Security
173
Display Port-Security Mac-Address Block
175
Display Port-Security Mac-Address Security
177
Port-Security Authorization Ignore
179
Port-Security Enable
180
Port-Security Intrusion-Mode
180
Port-Security Mac-Address Security
181
Port-Security Max-Mac-Count
182
Port-Security Ntk-Mode
183
Port-Security Oui
184
Port-Security Port-Mode
184
Port-Security Timer Disableport
187
Port-Security Trap
187
User Profile Configuration Commands
189
Display User-Profile
189
User-Profile Enable
190
User-Profile
190
Password Control Configuration Commands
192
Display Password-Control
192
Display Password-Control Blacklist
193
Password
194
Password-Control Aging
195
Password-Control Alert-Before-Expire
196
Password-Control Authentication-Timeout
197
Password-Control Complexity
197
Password-Control Composition
198
Password-Control { Aging | Composition | History | Length } Enable
199
Password-Control Enable
200
Password-Control Expired-User-Login
201
Password-Control History
201
Password-Control Length
202
Password-Control Login Idle-Time
203
Password-Control Login-Attempt
203
Password-Control Password Update Interval
205
Password-Control Super Aging
205
Password-Control Super Composition
206
Password-Control Super Length
207
Reset Password-Control Blacklist
207
Reset Password-Control History-Record
208
HABP Configuration Commands
209
Display Habp
209
Display Habp Table
210
Display Habp Traffic
210
Habp Client Vlan
211
Habp Enable
212
Habp Server Vlan
212
Habp Timer
213
Public Key Configuration Commands
214
Display Public-Key Local Public
214
Display Public-Key Peer
216
Peer-Public-Key End
217
Public-Key-Code Begin
217
Public-Key-Code End
218
Public-Key Local Create
219
Public-Key Local Destroy
220
Public-Key Local Export Dsa
220
Public-Key Local Export Rsa
222
Public-Key Peer
223
Public-Key Peer Import Sshkey
223
PKI Configuration Commands
225
Attribute
225
Ca Identifier
226
Certificate Request Entity
226
Certificate Request from
227
Certificate Request Mode
228
Certificate Request Polling
228
Certificate Request Url
229
Common-Name
230
Country
230
Crl Check
231
Crl Update-Period
231
Crl Url
232
Display Pki Certificate
233
Display Pki Certificate Access-Control-Policy
234
Display Pki Certificate Attribute-Group
235
Display Pki Crl Domain
236
Fqdn
238
Ip (PKI Entity View)
238
Ldap-Server
239
Locality
240
Organization
240
Organization-Unit
241
Pki Certificate Access-Control-Policy
241
Pki Certificate Attribute-Group
242
Pki Delete-Certificate
242
Pki Domain
243
Pki Entity
243
Pki Import-Certificate
244
Pki Request-Certificate Domain
245
Pki Retrieval-Certificate
246
Pki Retrieval-Crl Domain
246
Pki Validate-Certificate
247
Root-Certificate Fingerprint
247
Rule (PKI CERT ACP View)
248
State
249
SSH2.0 Configuration Commands
250
SSH2.0 Server Configuration Commands
250
Display Ssh Server
250
Display Ssh User-Information
251
Ssh Server Authentication-Retries
252
Ssh Server Authentication-Timeout
253
Ssh Server Compatible-Ssh1X
254
Ssh Server Enable
254
Ssh Server Rekey-Interval
255
Ssh User
256
SSH2.0 Client Configuration Commands
257
Display Ssh Client Source
257
Display Ssh Server-Info
258
Ssh Client Authentication Server
259
Ssh Client First-Time
259
Ssh Client Ipv6 Source
260
Ssh Client Source
261
Ssh2
261
Ssh2 Ipv6
263
SFTP Configuration Commands
265
SFTP Server Configuration Commands
265
Sftp Server Enable
265
Sftp Server Idle-Timeout
265
SFTP Client Configuration Commands
266
Bye
266
Cdup
267
Delete
267
Dir
268
Display Sftp Client Source
269
Exit
269
Get
270
Help
270
Mkdir
272
Put
272
Pwd
273
Quit
273
Remove
274
Rename
274
Rmdir
275
Sftp
275
Sftp Client Ipv6 Source
276
Sftp Client Source
277
Sftp Ipv6
278
SCP Configuration Commands
280
SCP Client Configuration Commands
280
Scp
280
SSL Configuration Commands
282
Ciphersuite
282
Client-Verify Enable
283
Close-Mode Wait
283
Display Ssl Client-Policy
284
Display Ssl Server-Policy
285
Handshake Timeout
286
Pki-Domain
287
Prefer-Cipher
288
Server-Verify Enable
288
Session
289
Ssl Client-Policy
290
Ssl Server-Policy
290
Version
291
TCP Attack Protection Configuration Commands
293
Display Tcp Status
293
Tcp Anti-Naptha Enable
294
Tcp State
294
Tcp Syn-Cookie Enable
295
Tcp Timer Check-State
296
IP Source Guard Configuration Commands
297
Display Ip Check Source
297
Display User-Bind
298
Ip Check Source
300
Ip Check Source Ipv6
300
Ip Check Source Max-Entries
301
User-Bind
302
User-Bind Ipv6
303
ARP Attack Protection Configuration Commands
304
ARP Packet Rate Limit Configuration Commands
304
Arp Rate-Limit
304
Source MAC Address Based ARP Attack Detection Configuration Commands
304
Arp Anti-Attack Source-Mac
304
Arp Anti-Attack Source-Mac Aging-Time
305
Arp Anti-Attack Source-Mac Exclude-Mac
306
Arp Anti-Attack Source-Mac Threshold
306
Display Arp Anti-Attack Source-Mac
307
ARP Packet Source MAC Address Consistency Check Configuration Commands
308
Arp Anti-Attack Valid-Check Enable
308
ARP Active Acknowledgement Configuration Commands
308
Arp Anti-Attack Active-Ack Enable
308
ARP Detection Configuration Commands
309
Arp Detection Enable
309
Arp Detection Trust
310
Arp Detection Validate
310
Arp Restricted-Forwarding Enable
311
Display Arp Detection
311
Display Arp Detection Statistics
312
Reset Arp Detection Statistics
313
ARP Gateway Protection Configuration Commands
314
Arp Filter Source
314
ARP Filtering Configuration Commands
314
Arp Filter Binding
314
ND Attack Defense Configuration Commands
316
Source MAC Consistency Check Commands
316
Ipv6 Nd Mac-Check Enable
316
ND Detection Configuration Commands
316
Display Ipv6 Nd Detection
316
Display Ipv6 Nd Detection Statistics
317
Ipv6 Nd Detection Enable
318
Ipv6 Nd Detection Trust
319
Reset Ipv6 Nd Detection Statistics
319
SAVI Configuration Commands
321
Ipv6 Savi Dad-Delay
321
Ipv6 Savi Dad-Preparedelay
321
Ipv6 Savi Down-Delay
322
Ipv6 Savi Strict
322
System-Guard Configuration Commands
324
Display System-Guard
324
System-Guard Aging Time
325
System-Guard Control
325
System-Guard Detect-Threshold
326
System-Guard Enable
326
System-Guard Rate-Limit
327
FIPS Configuration Commands
328
Fips Mode Enable
328
Display Fips Status
328
Fips Self-Test
329
Ipsec Configuration Commands
330
Ah Authentication-Algorithm
330
Connection-Name
330
Display Ipsec Policy
331
Display Ipsec Proposal
334
Display Ipsec Sa
335
Display Ipsec Session
338
Display Ipsec Statistics
339
Display Ipsec Tunnel
341
Encapsulation-Mode
342
Esp Authentication-Algorithm
343
Esp Encryption-Algorithm
343
Ike-Peer (Ipsec Policy View)
344
Ipsec Anti-Replay Check
345
Ipsec Anti-Replay Window
345
Ipsec Decrypt Check
346
Ipsec Policy (Interface View)
346
Ipsec Policy (System View)
347
Ipsec Proposal
348
Ipsec Sa Global-Duration
349
Ipsec Session Idle-Time
349
Pfs
350
Policy Enable
351
Proposal (Ipsec Policy View)
351
Qos Pre-Classify
352
Reset Ipsec Sa
353
Reset Ipsec Session
354
Reset Ipsec Statistics
354
Sa Authentication-Hex
355
Sa Duration
356
Sa Encryption-Hex
357
Sa Spi
358
Security Acl
358
Transform
359
Tunnel Local
360
Tunnel Remote
361
HP 5120 SI Series Security Configuration Manual (385 pages)
Brand:
HP
| Category:
Network Router
| Size: 3.63 MB
Table of Contents
Configuration Guide
1
Table of Contents
3
AAA Configuration
13
AAA Overview
13
Radius
14
Hwtacacs
20
Domain-Based User Management
22
Protocols and Standards
23
RADIUS Attributes
23
FIPS Compliance
26
AAA Configuration Considerations and Task List
26
Configuring AAA Schemes
28
Configuring Local Users
28
Configuring RADIUS Schemes
32
Configuring HWTACACS Schemes
43
Configuring AAA Methods for ISP Domains
48
Configuration Prerequisites
49
Creating an ISP Domain
49
Configuring ISP Domain Attributes
49
Configuring AAA Authentication Methods for an ISP Domain
50
Configuring AAA Authorization Methods for an ISP Domain
52
Configuring AAA Accounting Methods for an ISP Domain
54
Tearing down User Connections Forcibly
55
Configuring a NAS ID-VLAN Binding
55
Displaying and Maintaining AAA
56
AAA Configuration Examples
56
AAA for Telnet Users by an HWTACACS Server
56
AAA for Telnet Users by Separate Servers
58
Authentication/Authorization for Ssh/Telnet Users by a RADIUS Server
59
Level Switching Authentication for Telnet Users by an HWTACACS Server
63
Troubleshooting AAA
67
Troubleshooting RADIUS
67
Troubleshooting HWTACACS
68
802.1X Fundamentals
69
Architecture of 802.1X
69
Controlled/Uncontrolled Port and Pot Authorization Status
69
802.1X-Related Protocols
70
Packet Format
70
EAP over RADIUS
72
Initiating 802.1X Authentication
72
802.1X Client as the Initiator
72
Access Device as the Initiator
72
802.1X Authentication Procedures
73
A Comparison of EAP Relay and EAP Termination
73
EAP Relay
74
EAP Termination
75
802.1X Configuration
77
HP Implementation of 802.1X
77
Access Control Methods
77
Using 802.1X Authentication with Other Features
77
Configuring 802.1X
82
Configuration Prerequisites
82
802.1X Configuration Task List
82
Enabling 802.1X
83
Specifying EAP Relay or EAP Termination
84
Setting the Port Authorization State
84
Specifying an Access Control Method
85
Setting the Maximum Number of Concurrent 802.1X Users on a Port
85
Setting the Maximum Number of Authentication Request Attempts
86
Setting the 802.1X Authentication Timeout Timers
86
Configuring the Online User Handshake Function
87
Configuring the Authentication Trigger Function
88
Specifying a Mandatory Authentication Domain on a Port
88
Enabling the Quiet Timer
89
Enabling the Periodic Online User Re-Authentication Function
89
Configuring an 802.1X Guest VLAN
90
Configuring an Auth-Fail VLAN
91
Configuring an 802.1X Critical VLAN
92
Specifying Supported Domain Name Delimiters
93
Displaying and Maintaining 802.1X
93
802.1X Configuration Examples
94
802.1X Authentication Configuration Example
94
With Guest VLAN and VLAN Assignment Configuration Example
96
802.1X with ACL Assignment Configuration Example
99
EAD Fast Deployment Configuration
101
EAD Fast Deployment Overview
101
EAD Fast Deployment Implementation
101
Configuring EAD Fast Deployment
101
Configuration Prerequisites
101
Configuration Procedure
102
Displaying and Maintaining EAD Fast Deployment
103
EAD Fast Deployment Configuration Example
103
Troubleshooting EAD Fast Deployment
105
Web Browser Users Cannot be Correctly Redirected
105
MAC Authentication Configuration
107
MAC Authentication Overview
107
User Account Policies
107
Authentication Approaches
107
MAC Authentication Timers
108
Using MAC Authentication with Other Features
108
VLAN Assignment
108
ACL Assignment
109
Guest VLAN
109
Critical VLAN
109
MAC Authentication Configuration Task List
109
Basic Configuration for MAC Authentication
110
Configuration Prerequisites
110
Configuration Procedure
110
Specifying an Authentication Domain for MAC Authentication Users
111
Configuring a MAC Authentication Guest VLAN
112
Configuration Prerequisites
112
Configuration Procedure
112
Configuring a MAC Authentication Critical VLAN
113
Configuration Prerequisites
113
Configuration Procedure
113
Displaying and Maintaining MAC Authentication
113
MAC Authentication Configuration Examples
114
Local MAC Authentication Configuration Example
114
RADIUS-Based MAC Authentication Configuration Example
115
ACL Assignment Configuration Example
117
Portal Configuration
120
Overview
120
Extended Portal Functions
120
Portal System Components
120
Portal System Using the Local Portal Server
122
Portal Authentication Modes
123
Portal Support for EAP
123
Layer 2 Portal Authentication Process
124
Layer 3 Portal Authentication Process
125
Portal Configuration Task List
128
Configuration Prerequisites
129
Specifying the Portal Server
130
Specifying the Local Portal Server for Layer 2 Portal Authentication
130
Specifying a Portal Server for Layer 3 Portal Authentication
130
Configuring the Local Portal Server
131
Customizing Authentication Pages
131
Configuring the Local Portal Server
134
Enabling Portal Authentication
135
Enabling Layer 2 Portal Authentication
135
Enabling Layer 3 Portal Authentication
135
Controlling Access of Portal Users
136
Configuring a Portal-Free Rule
136
Configuring an Authentication Source Subnet
137
Setting the Maximum Number of Online Portal Users
138
Specifying an Authentication Domain for Portal Users
138
Configuring Layer 2 Portal Authentication to Support Web Proxy
139
Enabling Support for Portal User Moving
139
Specifying an Auth-Fail VLAN for Portal Authentication
140
Configuring RADIUS Related Attributes
140
Specifying NAS-Port-Type for an Interface
141
Specifying a NAS ID Profile for an Interface
141
Specifying a Source IP Address for Outgoing Portal Packets
142
Specifying an Auto Redirection URL for Authenticated Portal Users
142
Configuring Portal Detection Functions
143
Configuring Online Layer 2 Portal User Detection
143
Configuring the Portal Server Detection Function
143
Configuring Portal User Information Synchronization
145
Logging off Portal Users
146
Displaying and Maintaining Portal
146
Portal Configuration Examples
147
Configuring Direct Portal Authentication
147
Configuring Cross-Subnet Portal Authentication
154
Configuring Direct Portal Authentication with Extended Functions
156
Configuring Cross-Subnet Portal Authentication with Extended Functions
158
Configuring Portal Server Detection and Portal User Information Synchronization
160
Configuring Layer 2 Portal Authentication
168
Troubleshooting Portal
171
Inconsistent Keys on the Access Device and the Portal Server
171
Incorrect Server Port Number on the Access Device
172
Triple Authentication Configuration
173
Introduction to Triple Authentication
173
Overview
173
Triple Authentication Mechanism
173
Extended Functions
174
Triple Authentication Configuration Task List
175
Triple Authentication Configuration Examples
175
Triple Authentication Basic Function Configuration Example
175
Triple Authentication Supporting VLAN Assignment and Auth-Fail VLAN Configuration Example
178
Port Security Configuration
183
Port Security Overview
183
Port Security Features
184
Port Security Modes
184
Support for Guest VLAN and Auth-Fail VLAN
186
Port Security Configuration Task List
187
Enabling Port Security
187
Configuration Prerequisites
187
Configuration Procedure
187
Setting the Maximum Number of Secure MAC Addresses
188
Setting the Port Security Mode
188
Configuration Prerequisites
188
Configuration Procedure
189
Configuring Port Security Features
190
Configuring NTK
190
Configuring Intrusion Protection
190
Configuring Port Security Traps
191
Configuring Secure MAC Addresses
191
Configuration Prerequisites
192
Configuration Procedure
192
Ignoring Authorization Information from the Server
192
Displaying and Maintaining Port Security
193
Port Security Configuration Examples
193
Configuring the Autolearn Mode
193
Configuring the Userloginwithoui Mode
195
Verify the Configuration
197
Configuring the Macaddresselseuserloginsecure Mode
199
Configuration Information
200
Troubleshooting Port Security
202
Cannot Set the Port Security Mode
202
Cannot Configure Secure MAC Addresses
202
Cannot Change Port Security Mode When a User Is Online
203
User Profile Configuration
204
User Profile Overview
204
User Profile Configuration Task List
204
Creating a User Profile
205
Configuration Prerequisites
205
Configuring a User Profile
205
Enabling a User Profile
206
Displaying and Maintaining User Profile
206
Password Control Configuration
207
Password Control Overview
207
FIPS Compliance
209
Password Control Configuration Task List
210
Configuring Password Control
210
Enabling Password Control
210
Setting Global Password Control Parameters
211
Setting User Group Password Control Parameters
212
Setting Local User Password Control Parameters
213
Setting Super Password Control Parameters
213
Setting a Local User Password in Interactive Mode
214
Displaying and Maintaining Password Control
214
Password Control Configuration Example
215
HABP Configuration
218
Introduction to HABP
218
Configuring HABP
219
Configuring the HABP Server
219
Configuring an HABP Client
219
Displaying and Maintaining HABP
220
HABP Configuration Example
220
Network Requirements
220
Configuration Procedure
221
Public Key Configuration
223
Asymmetric Key Algorithm Overview
223
Basic Concepts
223
Key Algorithm Types
223
Asymmetric Key Algorithm Applications
224
FIPS Compliance
224
Configuring the Local Asymmetric Key Pair
224
Creating an Asymmetric Key Pair
224
Displaying or Exporting the Local RSA or DSA Host Public Key
225
Destroying an Asymmetric Key Pair
225
Configuring a Remote Host's Public Key
226
Displaying and Maintaining Public Keys
227
Public Key Configuration Examples
227
Configuring a Remote Host's Public Key Manually
227
Importing a Remote Host's Public Key from a Public Key File
229
PKI Configuration
232
Introduction to PKI
232
PKI Overview
232
PKI Terms
232
Architecture of PKI
233
Applications of PKI
234
Operation of PKI
234
PKI Configuration Task List
235
Configuring an Entity DN
235
Configuring a PKI Domain
236
Submitting a PKI Certificate Request
238
Submitting a Certificate Request in Auto Mode
238
Submitting a Certificate Request in Manual Mode
239
Retrieving a Certificate Manually
240
Configuring PKI Certificate Verification
240
Destroying a Local RSA Key Pair
242
Deleting a Certificate
242
Configuring an Access Control Policy
242
Displaying and Maintaining PKI
243
PKI Configuration Examples
243
Requesting a Certificate from a CA Running RSA Keon
243
Requesting a Certificate from a CA Running Windows 2003 Server
247
Configuring a Certificate Attribute-Based Access Control Policy
250
Troubleshooting PKI
251
Failed to Retrieve a CA Certificate
251
Failed to Request a Local Certificate
252
Failed to Retrieve Crls
253
SSH2.0 Configuration
254
SSH2.0 Overview
254
Introduction to SSH2.0
254
SSH Operation
254
FIPS Compliance
257
Configuring the Device as an SSH Server
257
SSH Server Configuration Task List
257
Generating a DSA or RSA Key Pair
257
Enabling the SSH Server Function
258
Configuring the User Interfaces for SSH Clients
258
Configuring a Client Public Key
259
Configuring an SSH User
260
Setting the SSH Management Parameters
261
Configuring the Device as an SSH Client
262
SSH Client Configuration Task List
262
Specifying a Source IP Address/Interface for the SSH Client
262
Configuring Whether First-Time Authentication Is Supported
262
Establishing a Connection between the SSH Client and Server
263
Displaying and Maintaining SSH
264
SSH Server Configuration Examples
265
When Switch Acts as Server for Password Authentication
265
When Switch Acts as Server for Publickey Authentication
267
SSH Client Configuration Examples
272
When Switch Acts as Client for Password Authentication
272
When Switch Acts as Client for Publickey Authentication
275
SFTP Configuration
278
SFTP Overview
278
Configuring the Device as an SFTP Server
278
Configuration Prerequisites
278
Enabling the SFTP Server
278
Configuring the SFTP Connection Idle Timeout Period
279
Configuring the Device an SFTP Client
279
Specifying a Source IP Address or Interface for the SFTP Client
279
Establishing a Connection to the SFTP Server
279
Working with SFTP Directories
280
Working with SFTP Files
281
Displaying Help Information
281
Terminating the Connection to the Remote SFTP Server
281
SFTP Client Configuration Example
282
SFTP Server Configuration Example
285
SCP Configuration
288
SCP Overview
288
Configuring the Switch as an SCP Server
288
Configuring the Switch as the SCP Client
289
SCP Client Configuration Example
289
SCP Server Configuration Example
290
SSL Configuration
292
SSL Overview
292
SSL Security Mechanism
292
SSL Protocol Stack
293
FIPS Compliance
294
SSL Configuration Task List
294
Configuring an SSL Server Policy
294
Configuration Prerequisites
294
Configuration Procedure
294
SSL Server Policy Configuration Example
295
Configuring an SSL Client Policy
297
Configuration Prerequisites
297
Configuration Procedure
297
Displaying and Maintaining SSL
298
Troubleshooting SSL
298
SSL Handshake Failure
298
TCP Attack Protection Configuration
300
TCP Attack Protection Overview
300
Enabling the SYN Cookie Feature
300
Enabling Protection against Naptha Attacks
301
Displaying and Maintaining TCP Attack Protection
301
IP Source Guard Configuration
302
IP Source Guard Overview
302
IP Source Guard Entries
302
Configuring Ipv4 Source Guard
303
Configuring Static Ipv4 Source Guard
303
Configuring Dynamic Ipv4 Source Guard
304
Setting the Maximum Number of Ipv4 Source Guard Entries
305
Configuring Ipv6 Source Guard
305
Configuring Static Ipv6 Source Guard
305
Configuring Dynamic Ipv6 Source Guard
306
Setting the Maximum Number of Ipv6 Source Guard Entries
307
Displaying and Maintaining IP Source Guard
307
IP Source Guard Configuration Examples
308
Static Ipv4 Source Guard Configuration Example
308
Dynamic Ipv4 Source Guard Using DHCP Snooping Configuration Example
309
Dynamic Ipv4 Source Guard Using DHCP Relay Configuration Example
311
Static Ipv6 Source Guard Configuration Example
312
Dynamic Ipv6 Source Guard Using Dhcpv6 Snooping Configuration Example
312
Dynamic Ipv6 Source Guard Using ND Snooping Configuration Example
314
Troubleshooting IP Source Guard
315
Neither Static nor Dynamic IP Source Guard Can be Configured
315
ARP Attack Protection Configuration
316
ARP Attack Protection Overview
316
ARP Attack Protection Configuration Task List
316
Configuring ARP Packet Rate Limit
317
Configuring Source MAC Address Based ARP Attack Detection
318
Introduction
318
Configuration Procedure
318
Displaying and Maintaining Source MAC Address Based ARP Attack Detection
319
Configuring ARP Packet Source MAC Address Consistency Check
319
Introduction
319
Configuration Procedure
319
Configuring ARP Active Acknowledgement
319
Configuring ARP Detection
320
Introduction
320
Security Entries/Oui MAC Addresses
320
Configuring ARP Detection Based on Specified Objects
321
Configuring ARP Restricted Forwarding
322
Displaying and Maintaining ARP Detection
322
ARP Detection Configuration Example I
323
ARP Detection Configuration Example II
324
ARP Restricted Forwarding Configuration Example
325
Configuring ARP Gateway Protection
327
Introduction
327
Configuration Procedure
327
ARP Gateway Protection Configuration Example
328
Configuring ARP Filtering
329
Introduction
329
Configuration Procedure
329
ARP Filtering Configuration Example
329
ND Attack Defense Configuration
331
Introduction to ND Attack Defense
331
Enabling Source MAC Consistency Check for ND Packets
332
Configuring the ND Detection Function
332
Introduction to ND Detection
332
Configuring ND Detection
333
Displaying and Maintaining ND Detection
334
ND Detection Configuration Example
334
SAVI Configuration
337
SAVI Overview
337
Global SAVI Configuration
337
SAVI Configuration in Dhcpv6-Only Address Assignment Scenario
338
SAVI Configuration in SLAAC-Only Address Assignment Scenario
340
SAVI Configuration in Dhcpv6+Slaac Address Assignment Scenario
342
System-Guard Configuration
345
Configuring System-Guard
345
Displaying System-Guard
346
System-Guard Configuration Example
346
Network Requirements
346
Configuration Procedure
346
HP 5120 SI Series Installation Manual (48 pages)
Brand:
HP
| Category:
Switch
| Size: 2.35 MB
Table of Contents
Installation Guide
1
Table of Contents
3
Preparing for Installation
5
Safety Recommendations
5
Examining the Installation Site
6
Temperature/Humidity
6
Cleanliness
6
Emi
7
Laser Safety
7
Installation Tools
7
Installation Accessories
8
Installing the Switch
10
Installing the Switch in a 19-Inch Rack
10
Mounting Brackets and Mounting Positions
11
Attaching the Mounting Brackets to the Switch Chassis
11
Rack-Mounting the Switch
13
Mounting the Switch on a Workbench
15
Grounding the Switch
15
Grounding the Switch with a Grounding Strip
15
Grounding the Switch with a Grounding Conductor Buried in the Earth Ground
17
Grounding the Switch by Using the AC Power Cord
18
Connecting the Power Cord
19
Connecting the AC Power Cord
19
Connecting the Switch to a -52 to -55 VDC Output RPS
19
Verifying the Installation
20
Accessing the Switch for the First Time
21
Setting up the Configuration Environment
21
Connecting the Console Cable
21
Console Cable
21
Setting Terminal Parameters
22
Powering on the Switch
22
Setting up an IRF Fabric
23
IRF Fabric Setup Flowchart
23
Planning IRF Fabric Setup
24
Planning IRF Fabric Size and the Installation Site
24
Identifying the Master Switch and Planning IRF Member Ids
24
Planning IRF Topology and Connections
25
Identifying Physical IRF Ports on the Member Switches
26
Planning the Cabling Scheme
26
Configuring Basic IRF Settings
27
Connecting the Physical IRF Ports
27
Accessing the IRF Fabric to Verify the Configuration
27
Maintenance and Troubleshooting
28
Power Supply Failure
28
Configuration Terminal Problems
29
Appendix A Chassis Views and Technical Specifications
30
Chassis Views
30
5120 16G si
30
5120 48G si
31
5120 8G Poe+ (65W) si
31
5120 8G Poe+ (180W) si
32
5120 24G Poe+ (370W) si
33
Technical Specifications
34
Chassis Dimensions and Weights
34
Ports
34
Environmental Specifications
34
Power Specifications
34
Power Input Types
34
AC Input Voltage Specifications
35
RPS DC Input Voltage Specifications and RPS Compatibility
35
Power Consumption Specifications for Non-Poe Switches
35
Power Consumption Specifications for Poe Switches
35
Cooling System
35
Appendix B Frus and Compatibility Matrixes
37
SFP Transceiver Modules and SFP Stacking Kit
37
Appendix C Ports and Leds
39
Ports
39
Console Port
39
10/100/1000Base-T Ethernet Port
39
SFP Port
39
Leds
39
Power LED
40
RPS Status LED
40
Port Mode LED
40
10/100/1000Base-T Ethernet Port LED
41
1000Base-X SFP Port LED
42
HP 5120 SI Series Specification (33 pages)
5120 SI Switch Series
Brand:
HP
| Category:
Switch
| Size: 0.57 MB
Table of Contents
Key Features
1
Product Overview
1
Features and Benefits
1
Additional Information
4
Technical Specifications
8
Related Products
HP HP 5120 series
HP 5120 EI Series
HP 5120-48G EI TAA
HP 5120-48G-PoE+ EI
HP 5120-24G EI TAA
HP 5120-48G SI
HP 5120-24G SI
HP 5120-24G-PoE+ 170W SI
HP 5120-24G-PoE+ 370W SI
HP 5120-16G SI
HP Categories
Desktop
Laptop
Server
Monitor
Switch
More HP Manuals