93
Configuration guidelines
Follow these guidelines when you configure the online user handshake function:
• To use the online handshake security function, make sure the online user handshake function is
enabled. HP recommends that you use the iNode client software and iMC server to guarantee the
normal operation of the online user handshake security function.
• If the network has 802.1X clients that cannot exchange handshake packets with the network access
device, disable the online user handshake function to prevent their connections from being
inappropriately torn down.
Configuration procedure
Follow these steps to configure the online user handshake function:
To do… Use the command… Remarks
Enter system view system-view —
Set the handshake timer
dot1x timer handshake-period
handshake-period-value
Optional
The default is 15 seconds.
Enter Ethernet interface view
interface interface-type
interface-number
—
Enable the online handshake
function
dot1x handshake
Optional
Enabled by default.
Enable the online handshake
security function
dot1x handshake secure
Optional
Disabled by default.
Configuring the authentication trigger function
About the authentication trigger function
The authentication trigger function enables the network access device to initiate 802.1X authentication
when 802.1X clients cannot initiate authentication.
This function provides the following types of authentication trigger:
• Multicast trigger—Periodically multicasts Identity EAP-Request packets out of a port to detect 802.1X
clients and trigger authentication.
• Unicast trigger—Enables the network device to initiate 802.1X authentication when it receives a
data frame from an unknown source MAC address. The device sends a unicast Identity
EAP/Request packet to the unknown source MAC address, and retransmits the packet if it has
received no response within a period of time. This process continues until the maximum number of
request attempts set with the dot1x retry command (see “Setting the maximum number of
a
u
thentication request attempts”) is reached.
The identity request timeout timer sets both the identity request interval for the multicast trigger and the
identity request timeout interval for the unicast trigger.
Configuration guidelines
Follow these guidelines when you configure the authentication trigger function:
• Enable the multicast trigger on a port when the clients attached to the port cannot send EAPOL-Start
packets to initiate 802.1X authentication.
To Next Page
Loading...
