Login
| Title | Size | Downloads |
|---|---|---|
| 09 Security Command Reference-book.pdf | 2.05 MB |
- Table of Contents
- Related Documents
Preface
The H3C S5500-HI documentation set includes 11 command references, which describe the commands and command syntax options available for the H3C S5500-HI Switch Series.
The Security Command Reference describes security configuration commands. It covers the commands for configuring authentication features (including AAA, 802.1X, MAC authentication, portal authentication, and so on) and attack protection features (including IP source guard, ARP attack protection, and so on).
This preface includes:
· Audience
· About the H3C S5500-HI documentation set
Audience
This documentation is intended for:
· Network planners
· Field technical support and servicing engineers
· Network administrators working with the S5500-HI series
Added and modified commands
This documentation set is for Release 52xx. The following describes the command changes between releases:
· Release 5206 has the following command changes over Release 5203:
|
Command reference |
Added and modified commands |
|
AAA |
Modified commands: · primary accounting (HWTACACS scheme view) · primary authentication (HWTACACS scheme view) · primary authorization · secondary accounting (HWTACACS scheme view) · secondary authentication(HWTACACS scheme view) · secondary authorization |
|
MAC authentication |
· New commands: mac-authentication host-mode multi-vlan |
|
TCP attack protection |
New commands: · dot1x user-ip freeze · ip verify source dot1x |
|
IP source guard |
New commands: arp detection log enable. |
· Release 5203 has the following command changes over Release 5101:
|
Command reference |
Added and modified commands |
|
AAA |
New commands: · dscp (ISP domain view) · radius dscp · radius ipv6 dscp Modified commands: · password (Local user view) · password (RADIUS-server user view) · key (RADIUS scheme view) · key (HWTACACS scheme view) · primary accounting (RADIUS scheme view) · primary authentication (RADIUS scheme view) · secondary accounting (RADIUS scheme view) · secondary authentication( RADIUS scheme view) · radius-server client-ip Removed command: local-user password-display-mode |
|
802.1X |
Added commands: · dot1x attempts max-fail · dot1x critical vlan · dot1x critical recovery-action · dot1x eapol untag · vlan-group · vlan-list |
|
EAD fast deployment |
N/A |
|
MAC authentication |
Added commands: · mac-authentication critical vlan · mac-authentication timer auth-delay Modified command: · The value range for the offline-detect-value argument in the mac-authentication timer offline-detect command changed. · The value range for the password argument in the mac-authentication user-name-format command in RADIUS server user view changed. |
|
Portal |
Modified commands: · IPv6 related parameters were added to the portal auth-network command. · IPv6 related parameters were added to the portal delete-user command. · IPv6 related parameters were added to the portal domain command. · IPv6 related parameters were added to the portal free-rule command. · IPv6 related parameters were added to the portal nas-ip command. · IPv6 related parameters and the cipher keyword were added to the portal server command. |
|
Port security |
N/A |
|
User profile |
N/A |
|
Password control |
Modified commands: reset password-control blacklist. The all keyword was added. |
|
HABP |
N/A |
|
Public key |
N/A |
|
PKI |
Modified commands: certificate request mode. Value range for the password argument changed. |
|
IPsec |
Added commands: · ACL-based IPsec commands · IKE commands. |
|
SSH 2.0 |
Added commands: · scp · ssh server dscp · ssh server ipv6 dscp · ssh client dscp · ssh client ipv6 dscp · sftp client dscp · sftp client ipv6 dscp Modified commands: The keyword scp was added to the ssh user command. |
|
SSL |
N/A |
|
TCP attack protection |
N/A |
|
IP source guard |
N/A |
|
ARP attack protection |
Added command: arp detection. |
|
ND attack defense |
N/A |
|
URPF |
N/A |
|
MFF |
N/A |
|
SAVI |
Added command: ipv6 savi down-delay. |
|
Black list |
N/A |
|
FIPS |
All FIPS related configuration commands are newly added to this release. |
Conventions
This section describes the conventions used in this documentation set.
Command conventions
|
Convention |
Description |
|
Boldface |
Bold text represents commands and keywords that you enter literally as shown. |
|
Italic |
Italic text represents arguments that you replace with actual values. |
|
[ ] |
Square brackets enclose syntax choices (keywords or arguments) that are optional. |
|
{ x | y | ... } |
Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. |
|
[ x | y | ... ] |
Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. |
|
{ x | y | ... } * |
Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one. |
|
[ x | y | ... ] * |
Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none. |
|
&<1-n> |
The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times. |
|
# |
A line that starts with a pound (#) sign is comments. |
GUI conventions
|
Convention |
Description |
|
Boldface |
Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK. |
|
> |
Multi-level menus are separated by angle brackets. For example, File > Create > Folder. |
|
Convention |
Description |
|
< > |
Button names are inside angle brackets. For example, click <OK>. |
|
[ ] |
Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. |
|
/ |
Multi-level menus are separated by forward slashes. For example, [File/Create/Folder]. |
Symbols
|
Convention |
Description |
|
|
An alert that calls attention to important information that if not understood or followed can result in personal injury. |
|
|
An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. |
|
|
An alert that calls attention to essential information. |
|
NOTE |
An alert that contains additional or supplementary information. |
|
|
An alert that provides helpful information. |
Network topology icons
|
|
Represents a generic network device, such as a router, switch, or firewall. |
|
|
Represents a routing-capable device, such as a router or Layer 3 switch. |
|
|
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. |
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.
About the H3C S5500-HI documentation set
The H3C S5500-HI documentation set includes:
|
Category |
Documents |
Purposes |
|
|
Product description and specifications |
Marketing brochure |
Describe product specifications and benefits. |
|
|
Technology white papers |
Provide an in-depth description of software features and technologies. |
||
|
Hardware specifications and installation |
Compliance and safety manual CE DOCs |
Provide regulatory information and the safety instructions that must be followed during installation. |
|
|
Installation quick start |
Guides you through initial installation and setup procedures to help you quickly set up your device. |
||
|
Installation guide |
Provides a complete guide to switch installation and specifications. |
||
|
LSPM1FAN and LSPM1FANB Installation Manual |
Describes the appearances, specifications, installation, and removal of the pluggable fan modules available for the products. |
||
|
User manuals for power modules |
Describe the specifications, installation, and replacement of hot swappable power modules. |
||
|
RPS Ordering Information for H3C Low-End Ethernet Switches |
Helps you order RPSs for switches that can work with an RPS. |
||
|
User manuals for RPSs |
Describe the specifications, installation, and replacement of RPSs. |
||
|
User manuals for interface cards |
Describe the specifications, installation, and replacement of expansion interface cards. |
||
|
H3C Low End Series Ethernet Switches Pluggable Modules Manual |
Describes the specifications of pluggable transceiver modules. |
||
|
Pluggable SFP[SFP+][XFP] Transceiver Modules Installation Guide |
Describe the installation, and replacement of SFP/SFP+/XFP transceiver modules. |
||
|
Software configuration |
Configuration guides |
Describe software features and configuration procedures. |
|
|
Command references |
Provide a quick reference to all available commands. |
||
|
Operations and maintenance |
Release notes |
Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading. |
|
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the software version.
Technical support
service@h3c.com
http://www.h3c.com
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
