Setting The 802.1X Authentication Timeout Timers; Configuring The Online User Handshake Function - HP 10500 Series Configuration Manual
Security configuration guide
Hide thumbs
Also See for 10500 Series:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
access device stops retransmitting the request if it has made the maximum number of request transmission
attempts but still receives no response.
To set the maximum number of authentication request attempts:
Step
1.
Enter system view.
2.
Set the maximum number of attempts for
sending an authentication request.
Setting the 802.1X authentication timeout timers
The network device uses the following 802.1X authentication timeout timers:
Client timeout timer—Starts when the access device sends an EAP-Request/MD5 Challenge packet
•
to a client. If no response is received when this timer expires, the access device retransmits the
request to the client.
•
Server timeout timer—Starts when the access device sends a RADIUS Access-Request packet to the
authentication server. If no response is received when this timer expires, the access device
retransmits the request to the server.
You can set the client timeout timer to a high value in a low-performance network and adjust the server
timeout timer to adapt to the performance of different authentication servers. In most cases, the default
settings are sufficient.
To set the 802.1X authentication timeout timers:
Step
1.
Enter system view.
2.
Set the client timeout
timer.
3.
Set the server timeout
timer.
Configuring the online user handshake function
The online user handshake function checks the connectivity status of online 802.1X users. The network
access device sends handshake messages to online users at the interval specified by the dot1x timer
handshake-period command. If no response is received from an online user after the maximum number
of handshake attempts (set by the dot1x retry command) has been made, the network access device sets
the user in the offline state.
If iNode clients are deployed, you can also enable the online handshake security function to check for
802.1X users w use illegal client software to bypass security inspection such as proxy detection and dual
network interface cards (NICs) detection. This function checks the authentication information in client
handshake messages. If a user fails authentication, the network access device logs the user off.
Command
system-view
dot1x retry max-retry-value
Command
system-view
dot1x timer supp-timeout
supp-timeout-value
dot1x timer server-timeout
server-timeout-value
89
Remarks
N/A
The default setting is
2.
Remarks
N/A
The default is 30 seconds.
The default is 100 seconds.
Advertisement
Table of Contents
Troubleshooting
