To Next Page

To Previous Page

Configuring the online user handshake feature

The online user handshake feature checks the connectivity status of online 802.1X users. The access

device sends handshake messages to online users at the interval specified by the dot1x timer

handshake-period command. If the device does not receive any responses from an online user after it

has made the maximum handshake attempts, the device sets the user to offline state. To set the maximum

handshake attempts, use the dot1x retry command.

If iNode clients are deployed, you can also enable the online user handshake security feature to check

authentication information in the handshake packets from clients. This feature can prevent 802.1X users

who use illegal client software from bypassing iNode security check, such as dual network interface

cards (NICs) detection. If a user fails the handshake security checking, the device sets the user to the

offline state.

Configuration guidelines

When you configure the online user handshake feature, follow these restrictions and guidelines:

• To use the online user handshake security feature, make sure the online user handshake feature is

enabled.

• The online user handshake security feature takes effect only on the network where the iNode client

and IMC server are used.

• If the network has 802.1X clients that cannot exchange handshake packets with the access device,

disable the online user handshake feature. This operation prevents the 802.1X connections from

being incorrectly torn down.

Configuration procedure

To configure the online user handshake feature:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. (Optional.) Set the handshake

timer.

dot1x timer handshake-period

handshake-period-value

The default is 15 seconds.

3. Enter Layer 2 Ethernet

interface view.

interface interface-type

interface-number

N/A

4. Enable the online handshake

feature.

dot1x handshake By default, the feature is enabled.

5. (Optional.) Enable the online

user handshake security

feature.

dot1x handshake secure By default, the feature is disabled.

Configuring the authentication trigger feature

The authentication trigger feature enables the access device to initiate 802.1X authentication when

802.1X clients cannot initiate authentication.

Other manuals for HP FlexFabric 5700 series

Configuration Guide185 pages

Questions and Answers:

Need help?

Do you have a question about the HP FlexFabric 5700 series and is the answer not in the manual?

HP FlexFabric 5700 series Specifications

General

Layer Support	L2/L3
Routing Protocol	OSPF, BGP, RIP, IS-IS, Static Routing
Remote Management Protocol	SNMP, CLI, Web
Features	VXLAN
Compliant Standards	IEEE 802.1D, 802.1Q, 802.1w, 802.1s, 802.3ad
Operating Temperature	0°C to 45°C
Operating Humidity	10% to 90% (non-condensing)
VLANs	4K