EasyManuals Logo

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #149 background imageLoading...
Page #149 background image
136
Table 11 Port security configuration for WLAN ports
Port security mode Description
presharedKey, userLoginSecureExt,
userLoginSecureExtOrPresharedKey,
and macAddressAndPresharedKey
On WPA or RSN networks using any of these modes, key
negotiation must be enabled.
• In presharedKeyand macAddressAndPresharedKey
modes, you need to configure the PSK.
• In userLoginSecureExt mode, you do not need to configure
the PSK.
• In userLoginSecureExtOrPresharedKey mode, you can
determine whether to configure any PSK.
Port security modes other than
presharedKey,
userLoginSecureExtOrPresharedKey,
and macAddressAndPresharedKey
No key negotiation is performed and you do not need to enable
key negotiation.
For more information about WLAN service templates, see HPE FlexNetwork MSR Router Series
Comware 5 WLAN Configuration Guide.
By default, an 802.1X-enabled access device periodically multicasts Identity EAP-Request packets
out of ports to detect 802.1X clients and trigger authentication. To save the bandwidth of WLAN ports,
Hewlett Packard Enterprise recommends that you disable the multicast trigger function (see
"Configuring 802.1X").
Setting the port security mode of a WLAN port
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Set a port security mode for
the WLAN port.
port-security
port-mode
{
mac-and-psk
|
mac-authentication
|
mac-else-userlogin-secure
|
mac-else-userlogin-secure-ext
|
psk
|
userlogin-secure
|
userlogin-secure-ext
|
userlogin-secure-ext-or-psk
|
userlogin-secure-or-mac
|
userlogin-secure-or-mac-ext
}
By default, a port operates in
noRestrictions mode.
Enabling key negotiation
After a user passes 802.1X authentication, a WLAN port uses EAPOL-Key frames to negotiate the
link-layer session key with the user if the key negotiation function is enabled.
• If key negotiation is enabled, an authenticated user is allowed to access to the port only after
the key negotiation succeeds.
• If key negotiation is disabled, a user can directly access the port after passing authentication.
To enable key negotiation:
Step Command Remarks
1. Enter system view.
system-view
N/A

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals