H3C S3100 Series Command Manual page 380
Hide thumbs
Also See for S3100 Series:
- Command manual (1186 pages) ,
- Operation manual (1057 pages) ,
- Installation manual (94 pages)
Table of Contents
Advertisement
By default, 802.1x proxy checking is disabled on all Ethernet ports.
In system view:
If you do not specify the interface-list argument, the configurations performed by these two
commands are global.
If you specify the interface-list argument, these two commands apply to the specified Ethernet
ports.
In Ethernet port view, the interface-list argument is not available and the commands apply to only the
current Ethernet port.
The proxy checking function takes effect on a port only when the function is enabled both globally and
on the port.
802.1x proxy checking checks for:
Users logging in through proxies
Users logging in through IE proxies
Whether or not a user logs in through multiple network adapters (that is, when the user attempts to
log in, it contains more than one active network adapters.)
A switch can optionally take the following actions in response to any of the above three cases:
Only disconnects the user but sends no Trap packets, which can be achieved by using the dot1x
supp-proxy-check logoff command.
Sends Trap packets without disconnecting the user, which can be achieved by using the dot1x
supp-proxy-check trap command.
This function needs the cooperation of 802.1x clients and the CAMS server:
Multiple network adapter checking, proxy checking, and IE proxy checking are enabled on the
802.1x client.
The CAMS server is configured to disable the use of multiple network adapters, proxies, and IE
proxy.
By default, proxy checking is disabled on 802.1x client. In this case, if you configure the CAMS server to
disable the use of multiple network adapters, proxies, and IE proxy, it sends messages to the 802.1x
client to ask the latter to disable the use of multiple network adapters, proxies, and IE proxy after the
user passes the authentication.
The 802.1x proxy checking function needs the cooperation of H3C's 802.1x client program.
The proxy checking function takes effect only after the client version checking function is enabled
on the switch (using the dot1x version-check command).
Related command: display dot1x.
Example
# Configure to disconnect the users connected to Ethernet1/0/1 through Ethernet1/0/8 ports if they are
detected logging in through proxies.
<Sysname> system-view
1-18
Advertisement
Chapters
Table of Contents
