Configuring The Online User Handshake Function; Enabling The Proxy Detection Function - HP A6600 Configuration Manual


Configuring the online user handshake function

The online user handshake function allows the device to send handshake messages to online users to
check whether the users are still online at the interval specified by dot1x timer handshake-period. If the
device does not receive any response from an online user after the device has sent the handshake
packet for the maximum number of times set by dot1x retry, the device sets the user state to offline.

The online user handshake security function helps prevent online users from using illegal client software
to exchange handshake messages with the device. Using illegal client software for handshake message
exchange may result in escape from some security inspection functions, such as proxy detection and
dual NIC detection. With the online handshake security function enabled, the device checks the
authentication information carried in client handshake messages. If a client fails the authentication, the
device forces the user to log off.

The online user handshake security function is implemented based on the online user handshake
function. To bring the security function into effect, keep the online user handshake function enabled.
To configure the online user handshake function:

| To do... | Command... | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | |
| 2. Enter Ethernet interface view. | interface interface-type interface-number | |
| 3. Enable the online handshake function. | dot1x handshake | Optional. Enabled by default. |
| 4. Enable the online handshake security function. | dot1x handshake secure | Optional. Disabled by default. |

NOTE:
You must disable proxy detection before disabling the online user handshake function.
When 802.1X clients do not support exchanging handshake packets with the device, disable the online user handshake function on the device. If not, the device tears down the connections with such online users for not receiving handshake responses.
HP recommends that you use the iNode client software and iMC server to ensure normal operation of the online user handshake security function.

Enabling the proxy detection function

The proxy detection function prevents users from using an authenticated 802.1X client as a network
access proxy to bypass monitoring and accounting. When a user is detected accessing the network
through a proxy, the network access device can send traps to the network management system or log
the user off by sending an offline message.

Prerequisites
Enable the online user handshake function (see Configuring the online user handshake function).
Make sure that HP iNode client software is deployed in your network.
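The dependencies described above can be checked offline against a saved configuration. The following Python audit is an added example, not part of the HP manual: it flags 802.1X ports where handshake security or proxy detection is configured while the handshake function is disabled, and ports where the handshake runs without the security function. The sample configuration and interface names are constructed, and the bare `dot1x` port-enable line, the `undo` form, and the `dot1x supp-proxy-check` proxy detection command are assumptions that do not appear on this page.

```python
import re
# Constructed sample, styled after Comware "display current-configuration" output.
SAMPLE_CONFIG = """\
interface GigabitEthernet3/0/1
 dot1x
 dot1x handshake secure
#
interface GigabitEthernet3/0/2
 dot1x
#
interface GigabitEthernet3/0/3
 dot1x
 undo dot1x handshake
 dot1x handshake secure
 dot1x supp-proxy-check logoff
#
"""

def parse_interfaces(config):
    """Map each interface name to the set of commands in its stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)\s*$", raw)
        if m:
            current = stanzas.setdefault(m.group(1), set())
        elif not raw.startswith(" "):
            current = None  # "#" or any other top-level line ends the stanza
        elif current is not None:
            current.add(raw.strip())
    return stanzas

def audit(config):
    """Return {interface: [issues]} for ports with 802.1X enabled."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "dot1x" not in cmds:  # assumption: bare "dot1x" enables 802.1X on the port
            continue
        handshake = "undo dot1x handshake" not in cmds  # enabled by default
        secure = "dot1x handshake secure" in cmds       # disabled by default
        proxy = any(c.startswith("dot1x supp-proxy-check") for c in cmds)  # assumed command
        checks = [
            (secure and not handshake, "handshake secure is ineffective: handshake is disabled"),
            (proxy and not handshake, "proxy detection is configured but handshake is disabled"),
            (handshake and not secure, "handshake runs without handshake secure"),
        ]
        issues = [msg for hit, msg in checks if hit]
        if issues:
            findings[name] = issues
    return findings
```

A port with the handshake deliberately disabled and neither dependent function configured is not flagged, which matches the NOTE about clients that do not support handshake packets.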
