EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #123 background imageLoading...
Page #123 background image
110
This feature improves transmission of data that is vulnerable to delay and interference. It is typically
applicable to IP phone users.
To enable MAC authentication multi-VLAN mode on a port:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3. Enable MAC authentication
multi-VLAN mode.
mac-authentication host-mode
multi-vlan
By default, this feature is disabled
on a port. When the port receives
a packet sourced from an
authenticated user in a VLAN not
matching the existing MAC-VLAN
mapping, the device logs off and
reauthenticates the user.
Configuring MAC authentication delay
When both 802.1X authentication and MAC authentication are enabled on a port, you can delay
MAC authentication so that 802.1X authentication is preferentially triggered.
If no 802.1X authentication is triggered or 802.1X authentication fails within the delay period, the port
continues to process MAC authentication.
Do not set the port security mode to mac-else-userlogin-secure or
mac-else-userlogin-secure-ext when you use MAC authentication delay. The delay does not take
effect on a port in either of the two modes. For more information about port security modes, see
"Configuring port security."
To configure MAC authentication delay:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3.
Enable MAC authentication
delay and set the delay
timer.
mac-
authentication timer
auth-delay
time
By default, MAC authentication
delay is disabled.
Enabling parallel processing of MAC
authentication and 802.1X authentication
IMPORTANT:
This feature is available in Release 1121 and later.
This feature enables a port that processes MAC authentication after 802.1X authentication is
finished to process MAC authentication in parallel with 802.1X authentication.
When the port receives a packet from an unknown MAC address, it sends a unicast
EAP-Request/Identity packet to the MAC address. After that, the port immediately processes MAC
authentication without waiting for the 802.1X authentication result.

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals