Specifying An Ssl Client Policy; Displaying And Maintaining 802.1X Client - HPE FlexNetwork 10500 Series Security Configuration Manual

Do not configure the 802.1X client anonymous identifier if the vendor-specific authentication server
cannot identify anonymous identifiers.
To configure an 802.1X client anonymous identifier on an interface:
Step
1. Enter system view.
2. Enter Ethernet interface
view.
3. Configure an 802.1X
client anonymous
identifier.

Specifying an SSL client policy

If the PEAP-MSCHAPv2, PEAP-GTC, TTLS-MSCHAPv2, or TTLS-GTC authentication is used, the
802.1X client authentication process is as follows:
•
The first phase—The device acts as an SSL client to negotiate with the SSL server.
The SSL client uses the SSL parameters defined in the specified SSL client policy to establish a
connection with the SSL server for negotiation. The SSL parameters include a PKI domain,
supported cipher suites, and the SSL version. For information about SSL client policy
configuration, see
•
The second phase—The device uses the negotiated result to encrypt and transmit the
interchanged authentication packets.
If the MD5-Challenge authentication is used, the device does not use an SSL client policy during the
authentication process.
To specify an SSL client policy on an interface:
Step
1. Enter system view.
2. Enter Ethernet interface
view.
3. Specify an SSL client
policy.

Displaying and maintaining 802.1X client

Execute display commands in any view.
Task
Display 802.1X client information.
Command
system-view
interface interface-type
interface-number
dot1x supplicant anonymous
identify identifier
"Configuring SSL."
Command
system-view
interface interface-type
interface-number
dot1x supplicant
ssl-client-policy policy-name
Command
display dot1x supplicant [ interface interface-type
interface-number ]
591
Remarks
N/A
N/A
By default, no 802.1X client
anonymous identifier exists.
Remarks
N/A
N/A
By default, an 802.1X client-enabled
interface uses the default SSL client
policy.