HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 96
Enabling the periodic online user re-authentication function, Configuration guidelines,
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 96 highlights
You can set the quiet timer to a high value in a vulnerable network or a low value for quicker authentication response. To configure the quiet timer: Step 1. Enter system view. 2. Enable the quiet timer. 3. Set the quiet timer. Command system-view dot1x quiet-period dot1x timer quiet-period quiet-period-value Remarks N/A By default, the timer is disabled. Optional. The default is 60 seconds. Enabling the periodic online user re-authentication function Periodic online user re-authentication tracks the connection status of online users and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile-based QoS. The re-authentication interval is user configurable. Configuration guidelines • The periodic online user re-authentication timer can also be set by the authentication server in the session-timeout attribute. The server-assigned timer overrides the timer setting on the access device, and enables periodic online user re-authentication, even if the function is not configured. Support for the server assignment of re-authentication timer and the re-authentication timer configuration on the server vary with servers. • The VLAN assignment status must be consistent before and after re-authentication. If the authentication server has assigned a VLAN before re-authentication, it must also assign a VLAN at re-authentication. If the authentication server has assigned no VLAN before re-authentication, it must not assign one at re-authentication. Violation of either rule can cause the user to be logged off. The VLANs assigned to an online user before and after re-authentication can be the same or different. • If no critical VLAN is configured, RADIUS server unreachable can cause an online user being re-authenticated to be logged off. If a critical VLAN is configured, the user remains online and in the original VLAN. Configuration procedure To enable the periodic online user re-authentication function: Step Command 1. Enter system view. system-view 2. Set the periodic re-authentication timer. dot1x timer reauth-period reauth-period-value 3. Enter Ethernet interface view. interface interface-type interface-number Remarks N/A Optional. The default is 3600 seconds. N/A 86