Configuration procedure ································································································································ 456
Configuring FIPS ························································································· 458
Overview ························································································································································ 458
Configuring FIPS mode ·································································································································· 459
Entering FIPS mode ······························································································································· 459
Exiting FIPS mode ································································································································· 461
FIPS self-tests ················································································································································ 461
Power-up self-tests ································································································································ 462
Conditional self-tests ······························································································································ 462
Triggering self-tests ································································································································ 463
FIPS configuration examples ························································································································· 463
Overview ························································································································································ 468
Single-packet attacks ····························································································································· 468
Scanning attacks ···································································································································· 469
Flood attacks ·········································································································································· 470
TCP fragment attack ······························································································································ 471
Login DoS attack ···································································································································· 471
Login dictionary attack ··························································································································· 471
Blacklist feature ·············································································································································· 471
Enabling the login delay ································································································································· 482
Configuring MACsec ··················································································· 490
Overview ························································································································································ 490
Basic concepts ······································································································································· 490
MACsec services ··································································································································· 490
MACsec applications ······························································································································ 491
MACsec operating mechanism ·············································································································· 491
Protocols and standards ························································································································ 493
MACsec configuration task list ······················································································································· 494
Enabling MKA ················································································································································ 494
x