HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 95
Configuration procedure, Specifying a mandatory authentication domain on a port, Configuring
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 95 highlights
• Enable the multicast trigger on a port when the clients attached to the port cannot send EAPOL-Start packets to initiate 802.1X authentication. • Enable the unicast trigger on a port if only a few 802.1X clients are attached to the port and these clients cannot initiate authentication. • To avoid duplicate authentication packets, do not enable both triggers on a port. Configuration procedure To configure the authentication trigger function on a port: Step Command 1. Enter system view. system-view 2. Set the username request timeout timer. dot1x timer tx-period tx-period-value 3. Enter Ethernet interface view. interface interface-type interface-number 4. Enable an authentication trigger. dot1x { multicast-trigger | unicast-trigger } Remarks N/A Optional. The default is 30 seconds. N/A Required if you want to enable the unicast trigger. By default, the multicast trigger is enabled, and the unicast trigger is disabled. Specifying a mandatory authentication domain on a port You can place all 802.1X users in a mandatory authentication domain for authentication, authorization, and accounting on a port. No user can use an account in any other domain to access the network through the port. The implementation of a mandatory authentication domain enhances the flexibility of 802.1X access control deployment. To specify a mandatory authentication domain for a port: Step Command 1. Enter system view. system-view 2. Enter Ethernet interface view. interface interface-type interface-number 3. Specify a mandatory 802.1X authentication domain on the port. dot1x mandatory-domain domain-name Remarks N/A N/A By default, no mandatory 802.1X authentication domain is specified. Configuring the quiet timer The quiet timer enables the network access device to wait a period of time before it can process any authentication request from a client that has failed an 802.1X authentication. 85