HPE 3100 48 v2 Switch SecurityCommand Reference

Contents

AAA configuration commands

General AAA configuration commands

aaa nas-id profile

access-limit enable

accounting command

accounting default

accounting lan-access

accounting login

accounting optional

accounting portal

authentication default

authentication lan-access

authentication login

authentication portal

authentication super

authorization command

authorization default

authorization lan-access

authorization login

authorization portal

authorization-attribute user-profile

display connection

domain default enable

idle-cut enable

nas-id bind vlan

self-service-url enable

state (ISP domain view)

Local user configuration commands

authorization-attribute (local user view/user group view)

display local-user

display user-group

expiration-date (local user view)

group-attribute allow-guest

password (local user view)

state (local user view)

RADIUS configuration commands

accounting-on enable

attribute 25 car

data-flow-format (RADIUS scheme view)

display radius scheme

display radius statistics

display stop-accounting-buffer (for RADIUS)

key (RADIUS scheme view)

nas-ip (RADIUS scheme view)

primary accounting (RADIUS scheme view)

primary authentication (RADIUS scheme view)

radius ipv6 dscp

reset radius statistics

reset stop-accounting-buffer (for RADIUS)

retry realtime-accounting

retry stop-accounting (RADIUS scheme view)

secondary accounting (RADIUS scheme view)

secondary authentication (RADIUS scheme view)

security-policy-server

state secondary

stop-accounting-buffer enable (RADIUS scheme view)

timer quiet (RADIUS scheme view)

timer realtime-accounting (RADIUS scheme view)

timer response-timeout (RADIUS scheme view)

user-name-format (RADIUS scheme view)

HWTACACS configuration commands

data-flow-format (HWTACACS scheme view)

display hwtacacs

display stop-accounting-buffer (for HWTACACS)

hwtacacs nas-ip

hwtacacs scheme

key (HWTACACS scheme view)

nas-ip (HWTACACS scheme view)

primary accounting (HWTACACS scheme view)

primary authentication (HWTACACS scheme view)

primary authorization

reset hwtacacs statistics

reset stop-accounting-buffer (for HWTACACS)

retry stop-accounting (HWTACACS scheme view)

secondary accounting (HWTACACS scheme view)

secondary authentication (HWTACACS scheme view)

secondary authorization

stop-accounting-buffer enable (HWTACACS scheme view)

timer quiet (HWTACACS scheme view)

timer realtime-accounting (HWTACACS scheme view)

timer response-timeout (HWTACACS scheme view)

user-name-format (HWTACACS scheme view)

RADIUS server configuration commands

authorization-attribute (RADIUS-server user view)

expiration-date (RADIUS-server user view)

password (RADIUS-server user view)

radius-server client-ip

radius-server user

802.1X configuration commands

dot1x attempts max-fail

dot1x authentication-method

dot1x auth-fail vlan

dot1x binding-mac

dot1x binding-mac enable

dot1x critical eapol

dot1x critical vlan

dot1x critical recovery-action

dot1x domain-delimiter

dot1x eapol untag

dot1x guest-vlan

dot1x handshake

dot1x handshake secure

dot1x mandatory-domain

dot1x multicast-trigger

dot1x port-control

dot1x port-method

dot1x quiet-period

dot1x re-authenticate

dot1x unicast-trigger

dot1x voice vlan

reset dot1x statistics

EAD fast deployment configuration commands

dot1x timer ead-timeout

MAC authentication configuration commands

display mac-authentication

mac-authentication

mac-authentication critical vlan

mac-authentication domain

mac-authentication guest-vlan

mac-authentication host-mode multi-vlan

mac-authentication max-user

mac-authentication timer

mac-authentication timer auth-delay

mac-authentication user-name-format

mac-authentication voice vlan

reset mac-authentication statistics

Portal configuration commands

display portal acl

display portal connection statistics

display portal free-rule

display portal interface

display portal local-server

display portal server

display portal server statistics

display portal tcp-cheat statistics

display portal user

portal auth-fail vlan

portal auth-network

portal delete-user

portal free-rule

portal local-server

portal local-server enable

portal local-server ip

portal max-user

portal move-mode auto

portal nas-id-profile

portal nas-port-type

portal offline-detect interval

portal redirect-url

portal server banner

portal server method

portal server server-detect

portal server user-sync

portal web-proxy port

reset portal connection statistics

reset portal server statistics

reset portal tcp-cheat statistics

Port security configuration commands

display port-security

display port-security mac-address block

display port-security mac-address security

port-security authorization ignore

port-security enable

port-security intrusion-mode

port-security mac-address aging-type inactivity

port-security mac-address dynamic

port-security mac-address security

port-security max-mac-count

port-security ntk-mode

port-security oui

port-security port-mode

port-security timer autolearn aging

port-security timer disableport

port-security trap

User profile configuration commands

display user-profile

user-profile enable

Password control configuration commands

display password-control

display password-control blacklist

password-control { aging | composition | history | length } enable

password-control aging

password-control alert-before-expire

password-control authentication-timeout

password-control complexity

password-control composition

password-control enable

password-control expired-user-login

password-control history

password-control length

password-control login idle-time

password-control login-attempt

password-control password update interval

password-control super aging

password-control super composition

password-control super length

reset password-control blacklist

reset password-control history-record

HABP configuration commands

display habp table

display habp traffic

habp client vlan

habp server vlan

Public key configuration commands

display public-key local public

display public-key peer

peer-public-key end

public-key-code begin

public-key-code end

public-key local create

public-key local destroy

public-key local export dsa

public-key local export ecdsa

public-key local export rsa

public-key peer

public-key peer import sshkey

PKI configuration commands

certificate request entity

certificate request from

certificate request mode

certificate request polling

certificate request url

crl update-period

display pki certificate

display pki certificate access-control-policy

display pki certificate attribute-group

display pki crl domain

ip (PKI entity view)

organization-unit

pki certificate access-control-policy

pki certificate attribute-group

pki delete-certificate

pki import-certificate

pki request-certificate domain

pki retrieval-certificate

pki retrieval-crl domain

pki validate-certificate

root-certificate fingerprint

rule (PKI CERT ACP view)

IPsec configuration commands

ah authentication-algorithm

connection-name

display ipsec policy

display ipsec proposal

display ipsec sa

display ipsec session

display ipsec statistics

display ipsec tunnel

encapsulation-mode

esp authentication-algorithm

esp encryption-algorithm

ike-peer (IPsec policy view)

ipsec anti-replay check

ipsec anti-replay window

ipsec decrypt check

ipsec policy (interface view)

ipsec policy (system view)

ipsec sa global-duration

ipsec session idle-time

proposal (IPsec policy view)

qos pre-classify

reset ipsec session

reset ipsec statistics

sa authentication-hex

sa encryption-hex

IKE configuration commands

authentication-algorithm

authentication-method

certificate domain

display ike dpd

display ike peer

display ike proposal

encryption-algorithm

ike next-payload check disabled

ike peer (system view)

ike sa keepalive-timer interval

ike sa keepalive-timer timeout

ike sa nat-keepalive-timer interval

proposal (IKE peer view)

SSH2.0 configuration commands

SSH2.0 server configuration commands

display ssh server

display ssh user-information

ssh server authentication-retries

ssh server authentication-timeout

ssh server compatible-ssh1x

ssh server dscp

ssh server enable

ssh server ipv6 acl

ssh server ipv6 dscp

ssh server rekey-interval

SSH2.0 client configuration commands

display ssh client source

display ssh server-info

ssh client authentication server

ssh client dscp

ssh client first-time

ssh client ipv6 dscp

ssh client ipv6 source

ssh client source

SFTP configuration commands

SFTP server configuration commands

sftp server enable

sftp server idle-timeout

SFTP client configuration commands

display sftp client source

sftp client dscp

sftp client ipv6 dscp

sftp client ipv6 source

sftp client source

SCP configuration commands

SCP client configuration commands

SSL configuration commands

client-verify enable

client-verify weaken

close-mode wait

display ssl client-policy

display ssl server-policy

handshake timeout

server-verify enable

ssl client-policy

ssl server-policy

ssl version ssl3.0 disable

TCP attack protection configuration commands

attack-defense tcp fragment enable

display tcp status

tcp syn-cookie enable

IP source guard configuration commands

display ip source binding

display ipv6 source binding

dot1x user-ip freeze

ip source binding (interface view)

ip source binding (system view)

ip verify source

ip verify source dot1x

ip verify source max-entries

ipv6 source binding (interface view)

ipv6 source binding (system view)

ipv6 verify source

ipv6 verify source max-entries

ARP attack protection configuration commands

ARP defense against IP packet attacks configuration commands

arp resolving-route enable

arp source-suppression enable

arp source-suppression limit

display arp source-suppression

ARP packet rate limit configuration commands

arp rate-limit information

Source MAC address based ARP attack detection configuration commands

arp anti-attack source-mac

arp anti-attack source-mac aging-time

arp anti-attack source-mac exclude-mac

arp anti-attack source-mac threshold

display arp anti-attack source-mac

ARP packet source mac address consistency check configuration commands

arp anti-attack valid-check enable

ARP active acknowledgement configuration commands

arp anti-attack active-ack enable

ARP detection configuration commands

arp detection enable

arp detection log enable

arp detection trust

arp detection validate

arp restricted-forwarding enable

display arp detection

display arp detection statistics

reset arp detection statistics

ARP automatic scanning and fixed ARP configuration commands

ARP gateway protection configuration commands

arp filter source

ARP filtering configuration commands

arp filter binding

ND attack defense configuration commands

Source MAC consistency check commands

ipv6 nd mac-check enable

ND detection configuration commands

display ipv6 nd detection

display ipv6 nd detection statistics

ipv6 nd detection enable

ipv6 nd detection trust

reset ipv6 nd detection statistics

MFF configuration commands

display mac-forced-forwarding interface

display mac-forced-forwarding vlan

mac-forced-forwarding

mac-forced-forwarding gateway probe

mac-forced-forwarding network-port

mac-forced-forwarding server

SAVI configuration commands

ipv6 savi dad-delay

ipv6 savi dad-preparedelay

ipv6 savi down-delay

ipv6 savi strict

Blacklist configuration commands

blacklist enable

display blacklist

FIPS configuration commands

fips mode enable

display fips status

Document conventions and icons

Network topology icons

Support and other resources

Accessing Hewlett Packard Enterprise Support

Accessing updates

Customer self repair

Documentation feedback

© Copyright 2016 Hewlett Packard Enterprise Development LP