Configuring The Online User Handshake Function; Configuring The Authentication Trigger Function - HP A5830 Series Configuration Manual
Security switch
Hide thumbs
Also See for A5830 Series:
- Command reference manual (249 pages) ,
- Configuration manual (246 pages) ,
- Configuration manual (207 pages)
Table of Contents
Advertisement
Configuring the online user handshake function
The online user handshake function checks the connectivity status of online 802.1X users. The network
access device sends handshake messages to online users at the interval specified by the dot1x timer
handshake-period command. If no response is received from an online user after the maximum number
of handshake attempts (set by the dot1x retry command) has been made, the network access device sets
the user in the offline state.
If iNode clients are deployed, you can also enable the online handshake security function to check for
802.1X users who use illegal client software to bypass security inspection, such as proxy detection and
dual network interface cards (NICs) detection. This function checks the authentication information in
client handshake messages. If a user fails the authentication, the network access device logs the user off.
Configuration guidelines
Follow these guidelines when you configure the online user handshake function:
To use the online handshake security function, make sure that the online user handshake function is
•
enabled. HP recommends that you use the iNode client software and iMC server to ensure normal
operation of the online user handshake security function.
If the network has 802.1X clients that cannot exchange handshake packets with the network access
•
device, disable the online user handshake function to prevent their connections from being
inappropriately torn down.
Configuration procedure
To configure the online user handshake function:
To do...
1.
Enter system view.
2.
Set the handshake timer.
3.
Enter Ethernet interface view.
4.
Enable the online handshake
function.
5.
Enable the online handshake
security function.
Configuring the authentication trigger function
The authentication trigger function enables the network access device to initiate 802.1X authentication
when 802.1X clients cannot initiate authentication.
This function provides the following types of authentication trigger:
Multicast trigger—Periodically multicasts Identity EAP-Request packets out of a port to detect
•
802.1X clients and trigger authentication.
Unicast trigger—Enables the network device to initiate 802.1X authentication when it receives a
•
data frame from an unknown source MAC address. The device sends a unicast Identity
EAP/Request packet to the unknown source MAC address, and it retransmits the packet if it has
received no response within a period of time. This process continues until the maximum number of
Use the command...
system-view
dot1x timer handshake-period
handshake-period-value
interface interface-type interface-
number
dot1x handshake
dot1x handshake secure
78
Remarks
—
Optional.
The default is 15 seconds.
—
Optional.
Enabled by default.
Optional.
Disabled by default.
Advertisement
Table of Contents
Troubleshooting
