HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 93
Setting the 802.1X authentication timeout timers, Configuring the online user handshake function
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 93 highlights
access device stops retransmitting the request, if it has made the maximum number of request transmission attempts but still received no response. To set the maximum number of authentication request attempts: Step 1. Enter system view. 2. Set the maximum number of attempts for sending an authentication request. Command system-view dot1x retry max-retry-value Remarks N/A Optional. The default setting is 2. Setting the 802.1X authentication timeout timers The network device uses the following 802.1X authentication timeout timers: • Client timeout timer-Starts when the access device sends an EAP-Request/MD5 Challenge packet to a client. If no response is received when this timer expires, the access device retransmits the request to the client. • Server timeout timer-Starts when the access device sends a RADIUS Access-Request packet to the authentication server. If no response is received when this timer expires, the access device retransmits the request to the server. You can set the client timeout timer to a high value in a low-performance network, and adjust the server timeout timer to adapt to the performance of different authentication servers. In most cases, the default settings are sufficient. To set the 802.1X authentication timeout timers: Step 1. Enter system view. Command system-view 2. Set the client timeout dot1x timer supp-timeout timer. supp-timeout-value 3. Set the server timeout dot1x timer server-timeout timer. server-timeout-value Remarks N/A Optional. The default is 30 seconds. Optional. The default is 100 seconds. Configuring the online user handshake function The online user handshake function checks the connectivity status of online 802.1X users. The network access device sends handshake messages to online users at the interval specified by the dot1x timer handshake-period command. If no response is received from an online user after the maximum number of handshake attempts (set by the dot1x retry command) has been made, the network access device sets the user in the offline state. If iNode clients are deployed, you can also enable the online handshake security function to check for 802.1X users that use illegal client software to bypass security inspection such as proxy detection and dual network interface cards (NICs) detection. This function checks the authentication information in client handshake messages. If a user fails the authentication, the network access device logs the user off. 83