HP ProCurve 9304M Security Manual page 98

Security Guide for ProCurve 9300/9400 Series Routing Switches
NOTE: You cannot enable 802.1X port security on ports that have any of the following features enabled:
Link aggregation
Metro Ring Protocol (MRP)
Tagged port
Mirror port
Trunk port
In releases prior to 07.6.04, 802.1X port security could not be enabled on a port where Layer 2 switching was
disabled (with the route-only command), and an 802.1X port could not be specified as a member of a virtual
interface (ve). Both of these restrictions were removed in release 07.6.04.
Configuring Periodic Re-Authentication
You can configure the device to periodically re-authenticate Clients connected to 802.1X-enabled interfaces.
When you enable periodic re-authentication, the device re-authenticates Clients every 3,600 seconds by default.
You can optionally specify a different re-authentication interval, from 1 to 4294967295 seconds.
To configure periodic re-authentication using the default interval of 3,600 seconds, enter the following command:
ProCurveRS(config-dot1x)# re-authentication
Syntax: [no] re-authentication
To configure periodic re-authentication with an interval of 2,000 seconds, enter the following commands:
ProCurveRS(config-dot1x)# re-authentication
ProCurveRS(config-dot1x)# timeout re-authperiod 2000
Syntax: [no] timeout re-authperiod <seconds>
The re-authentication interval is a global setting, applicable to all 802.1X-enabled interfaces. If you want to
re-authenticate Clients connected to a specific port manually, use the dot1x re-authenticate command. See
"Re-Authenticating a Port Manually", below.
Re-Authenticating a Port Manually
When periodic re-authentication is enabled, by default the HP device re-authenticates Clients connected to an
802.1X-enabled interface every 3,600 seconds (or the time specified by the dot1x timeout re-authperiod
command). You can also manually re-authenticate Clients connected to a specific port.
For example, to re-authenticate Clients connected to interface 3/1, enter the following command:
ProCurveRS# dot1x re-authenticate e 3/1
Syntax: dot1x re-authenticate <portnum>
Setting the Quiet Period
If the HP device is unable to authenticate the Client, the HP device waits a specified amount of time before trying
again. The amount of time the HP device waits is specified with the quiet-period parameter. The quiet-period
parameter can be from 0 – 4294967295 seconds. The default is 60 seconds.
For example, to set the quiet period to 30 seconds, enter the following command:
ProCurveRS(config-dot1x)# timeout quiet-period 30
Syntax: [no] timeout quiet-period <seconds>
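The following is an added example, not part of the HP manual: a small Python check that reads config-dot1x command lines and reports the effective re-authentication and quiet-period settings, using the defaults and ranges stated above, and flags an interval set without the re-authentication command that the manual pairs with it. The function name, the sample lines, and the treatment of the "no" form as a return to the default are assumptions.

```python
import re

U32_MAX = 4294967295  # upper bound the manual gives for both timers
DEFAULTS = {"re-authperiod": 3600, "quiet-period": 60}  # defaults stated in the manual
MINIMUM = {"re-authperiod": 1, "quiet-period": 0}       # lower bounds stated in the manual

def effective_dot1x_timers(lines):
    """Return (settings, problems) for a list of config-dot1x command lines."""
    reauth_enabled = False
    timers = dict(DEFAULTS)
    problems = []
    for raw in lines:
        cmd = raw.split("#", 1)[-1].strip()  # drop a leading CLI prompt, if present
        negate = cmd.startswith("no ")
        if negate:
            cmd = cmd[3:].strip()
        if cmd == "re-authentication":
            reauth_enabled = not negate
            continue
        m = re.fullmatch(r"timeout (re-authperiod|quiet-period)(?: (\d+))?", cmd)
        if not m:
            continue  # not one of the three commands covered here
        name, value = m.group(1), m.group(2)
        if negate:
            timers[name] = DEFAULTS[name]  # assumption: "no" restores the default
        elif value is None:
            problems.append(f"{name}: missing <seconds>")
        elif not MINIMUM[name] <= int(value) <= U32_MAX:
            problems.append(f"{name}: {value} outside {MINIMUM[name]}-{U32_MAX}")
        else:
            timers[name] = int(value)
    settings = {
        "periodic_reauth": reauth_enabled,
        # the interval only matters once re-authentication itself is enabled
        "reauth_interval": timers["re-authperiod"] if reauth_enabled else None,
        "quiet_period": timers["quiet-period"],
    }
    if not reauth_enabled and timers["re-authperiod"] != DEFAULTS["re-authperiod"]:
        problems.append("re-authperiod set but re-authentication not enabled")
    return settings, problems

# Constructed sample: the page's own timer commands, minus the enabling line.
SAMPLE = ["timeout re-authperiod 2000", "timeout quiet-period 30"]

if __name__ == "__main__":
    print(effective_dot1x_timers(SAMPLE))
```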
Setting the Interval for Retransmission of EAP-Request/Identity Frames
When the HP device sends a Client an EAP-request/identity frame, it expects to receive an EAP-response/identity
frame from the Client. If the Client does not send back an EAP-response/identity frame, the device waits a
June 2005