Configuring The Authentication Trigger Function - HP 5120 EI Switch Series Configuration Manual

If iNode clients are deployed, you can also enable the online handshake security function to check for
802.1X users that use illegal client software to bypass security inspection such as proxy detection and
dual network interface cards (NICs) detection. This function checks the authentication information in client
handshake messages. If a user fails the authentication, the network access device logs the user off.
Configuration guidelines
Follow these guidelines when you configure the online user handshake function:
To use the online handshake security function, make sure the online user handshake function is

enabled. HP recommends that you use the iNode client software and iMC server to ensure the
normal operation of the online user handshake security function.
If the network has 802.1X clients that cannot exchange handshake packets with the network access

device, disable the online user handshake function to prevent their connections from being
inappropriately torn down.
Configuration procedure
Follow these steps to configure the online user handshake function:
To do...
Enter system view
Set the handshake timer
Enter Layer 2 Ethernet interface
view
Enable the online handshake
function
Enable the online handshake
security function
NOTE:

When 802.1X clients do not support exchanging handshake packets with the device, disable the online user
handshake function on the device. If not, the device will tear down the connections with these online users for not
receiving handshake responses.

HP recommends that you use the iNode client software and iMC server to ensure the normal operation of the
online user handshake security function.

Configuring the authentication trigger function

About the authentication trigger function
The authentication trigger function enables the network access device to initiate 802.1X authentication
when 802.1X clients cannot initiate authentication.
This function provides the following types of authentication trigger:
Multicast trigger—Periodically multicasts Identity EAP-Request packets out of a port to detect 802.1X

clients and trigger authentication.
 Unicast trigger—Enables the network device to initiate 802.1X authentication when it receives a data
frame from an unknown source MAC address. The device sends a unicast Identity EAP/Request
packet to the unknown source MAC address, and retransmits the packet if it has received no
Use the command...
system-view
dot1x timer handshake-period
handshake-period-value
interface interface-type interface-
number
dot1x handshake
dot1x handshake secure
79
Remarks
—
Optional
The default is 15 seconds.
—
Optional
Enabled by default
Optional
Disabled by default