information in client handshake messages. If a user fails the authentication, the network access
device logs the user off.
Configuration guidelines
Follow these guidelines when you configure the online user handshake function:
• To use the online handshake security function, make sure the online user handshake function is
enabled. Hewlett Packard Enterprise recommends that you use the iNode client software and
iMC server to ensure the normal operation of the online user handshake security function.
• If the network has 802.1X clients that cannot exchange handshake packets with the network
access device, disable the online user handshake function to prevent their connections from
being inappropriately torn down.
• You must disable proxy detection before disabling the online user handshake function.
Configuration procedure
To configure the online user handshake function:
Step                                               Command                                              Remarks
1. Enter system view.                              system-view                                          N/A
2. Set the handshake timer.                        dot1x timer handshake-period handshake-period-value  Optional. The default is 15 seconds.
3. Enter Ethernet interface view.                  interface interface-type interface-number            N/A
4. Enable the online handshake function.           dot1x handshake                                      Optional. By default, the function is enabled.
5. Enable the online handshake security function.  dot1x handshake secure                               Optional. By default, the function is disabled.
Enabling the proxy detection function
The proxy detection function prevents users from using an authenticated 802.1X client as a network
access proxy to bypass monitoring and accounting. When a user is detected accessing the network
through a proxy, the network access device can send traps to the network management system or
log the user off by sending an offline message.
Before you enable the proxy detection function, complete the following tasks:
• Enable the online user handshake function (see "Configuring the online user handshake
function").
• Deploy HPE iNode client software in your network.
To configure the proxy detection function:
Step                                              Command                                   Remarks
1. Enter system view.                             system-view                               N/A
2. Enable the proxy detection function globally.  dot1x supp-proxy-check { logoff | trap }  By default, the function is disabled.
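
The dependencies stated above (handshake security and proxy detection both rely on the online user handshake function, and proxy detection must be disabled before the handshake function is) can be checked against a saved configuration. The following Python script is an added example, not HPE code; the name audit_dot1x, the constructed sample configuration, and the assumption that a disabled handshake is saved as "undo dot1x handshake" under the interface are illustrative.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
#
 dot1x supp-proxy-check logoff
#
interface GigabitEthernet1/0/1
 dot1x handshake secure
#
interface GigabitEthernet1/0/2
 undo dot1x handshake
 dot1x handshake secure
#
"""

def audit_dot1x(config):
    """Return dependency violations among the handshake-related dot1x settings."""
    proxy_check = False   # global: dot1x supp-proxy-check { logoff | trap }
    interfaces = {}       # interface name -> {"handshake": bool, "secure": bool}
    current = None        # interface view currently being parsed, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None                      # a column-0 line ends the interface view
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = m.group(1)
            # Defaults from the guide: handshake enabled, handshake security disabled.
            interfaces[current] = {"handshake": True, "secure": False}
        elif current is None and re.match(r"dot1x supp-proxy-check (logoff|trap)$", line):
            proxy_check = True
        elif current and line == "undo dot1x handshake":   # assumed saved form
            interfaces[current]["handshake"] = False
        elif current and line == "dot1x handshake secure":
            interfaces[current]["secure"] = True
    findings = []
    for name, state in interfaces.items():
        if state["secure"] and not state["handshake"]:
            findings.append(f"{name}: handshake security set but handshake disabled")
        if proxy_check and not state["handshake"]:
            findings.append(f"{name}: handshake disabled while proxy detection is enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_dot1x(SAMPLE):
        print(finding)
```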