EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #106 background imageLoading...
Page #106 background image
93
Configuring the EAD assistant feature
When you configure the EAD assistant feature, follow these restrictions and guidelines:
• You must disable MAC authentication and port security globally before you enable the EAD
assistant feature.
• To make the EAD assistant feature take effect on an 802.1X-enabled port, you must set the port
authorization mode to auto.
• When global MAC authentication or port security is enabled, the free IP does not take effect.
• If you use free IP, guest VLAN, and Auth-Fail VLAN features together, make sure the free IP
segments are in both guest VLAN and Auth-Fail VLAN.
• To allow a user to obtain a dynamic IP address before it passes 802.1X authentication, make
sure the DHCP server is on the free IP segment.
• The server that provides the redirect URL must be on the free IP accessible to unauthenticated
users.
• To avoid using up ACL resources when a large number of EAD users exist, you can shorten the
EAD rule timer.
To configure the EAD assistant feature:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enable EAD assistant.
dot1x ead-assistant enable
By default, this feature is disabled.
3. Configure a free IP.
dot1x ead-assistant free-ip
ip-address { mask-length |
mask-address }
By default, no free IP is configured.
4. (Optional.)
Configure the
redirect URL.
dot1x ead-assistant url
url-string
By default
, no redirect URL is
configured.
Configure the redirect URL if users will
use Web browsers to access the
network.
5. (Optional.) Set
the EAD
rule timer.
dot1x timer ead-timeout
ead-timeout-value
The default setting is 30 minutes.
Displaying and maintaining 802.1X
Execute the display commands in any view and reset commands in user view.
Task
Command
Display 802.1X session information,
statistics, or configuration information of
specified or all ports.
display
dot1x
[
sessions
|
statistics
] [
interface
interface-type interface-number ]
Display online 802.1X user information.
display dot1x connection
[
interface
interface-type
interface-number |
slot
slot-number |
user-mac
mac-addr |
user-name
name-string ]
Clear 802.1X statistics.
reset
dot1x statistics
[
interface
interface-type
interface-number ]
Remove users from the 802.1X guest VLAN
on a port.
reset dot1x guest-vlan interface
interface-type
interface-number [
mac-address
mac-address ]

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals