EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #94 background imageLoading...
Page #94 background image
81
Figure 37 EAP-Message attribute format
Message-Authenticator
RADIUS includes the Message-Authenticator attribute in all packets that have an EAP-Message
attribute to check their integrity. The packet receiver drops the packet if the calculated packet
integrity checksum is different from the Message-Authenticator attribute value. The
Message-Authenticator prevents EAP authentication packets from being tampered with during EAP
authentication.
Figure 38 Message-Authenticator attribute format
Initiating 802.1X authentication
Both the 802.1X client and the access device can initiate 802.1X authentication.
802.1X client as the initiator
The client sends an EAPOL-Start packet to the access device to initiate 802.1X authentication. The
destination MAC address of the packet is the IEEE 802.1X specified multicast address
01-80-C2-00-00-03 or the broadcast MAC address. If any intermediate device between the client
and the authentication server does not support the multicast address, use an 802.1X client, the HPE
iNode 802.1X client for example, that can send broadcast EAPOL-Start packets.
Access device as the initiator
The access device initiates authentication, if a client cannot send EAPOL-Start packets (for example,
an 802.1X client available with Windows XP).
The access device supports the following modes:
• Multicast trigger mode—The access device multicasts Identity EAP-Request packets
periodically (every 30 seconds by default) to initiate 802.1X authentication.
• Unicast trigger mode—Upon receiving a frame with the source MAC address not in the MAC
address table, the access device sends an Identity EAP-Request packet out of the receiving
port to the unknown MAC address. It retransmits the packet if no response has been received
within a certain time interval.
802.1X authentication procedures
802.1X provides the following authentication methods: EAP relay and EAP termination. You choose
either mode depending on the support of the RADIUS server for EAP packets and EAP
authentication methods.
• EAP relay mode:

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals