Configuring URPF ···················································································································································· 268
URPF check modes ·············································································································································· 268
URPF work flow ···················································································································································· 268
Network application ··········································································································································· 271
Configuring URPF ························································································································································· 271
URPF configuration example ······························································································································ 272
Configuring MFF ····················································································································································· 273
Basic concepts ····················································································································································· 274
MFF operation modes ········································································································································· 274
MFF work flow ····················································································································································· 275
Protocols and standards ····································································································································· 275
Configuring MFF ·························································································································································· 275
Displaying and maintaining MFF ······························································································································· 277
MFF configuration examples ······································································································································· 277
Configuring password control ································································································································ 284
FIPS compliance ··························································································································································· 286
Enabling password control ········································································································································· 287
Configuring FIPS······················································································································································ 295
Overview ······································································································································································· 295
FIPS self-tests ································································································································································· 295
Power-up self-test ················································································································································· 295
Conditional self-tests ············································································································································ 295
Triggering a self-test ············································································································································ 295
Configuring FIPS ··························································································································································· 296
Enabling the FIPS mode ······································································································································ 296
Triggering a self-test ············································································································································ 296
Displaying and maintaining FIPS ······························································································································· 297
FIPS configuration example········································································································································· 297
Configuring IPsec ···················································································································································· 299
IPsec overview ······························································································································································ 299
Basic concepts ····················································································································································· 299
Protocols and standards ····································································································································· 302
FIPS compliance ··························································································································································· 302
Configuring IPsec ························································································································································· 302
Implementing ACL-based IPsec ··································································································································· 302
Configuring ACLs ················································································································································ 303
Configuring an IPsec policy ······························································································································· 305
vii