HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 81
Configuring the online user handshake function, Configuring the authentication trigger function
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 81 highlights
Step 3. Set the server timeout timer. Command dot1x timer server-timeout server-timeout-value Remarks The default is 100 seconds. Configuring the online user handshake function The online user handshake function checks the connectivity status of online 802.1X users. The network access device sends handshake messages to online users at the interval specified by the dot1x timer handshake-period command. If no response is received from an online user after the maximum number of handshake attempts (set by the dot1x retry command) has been made, the network access device sets the user in the offline state. If the network has 802.1X clients that cannot exchange handshake packets with the network access device, disable the online user handshake function to prevent their connections from being inappropriately torn down. To configure the online user handshake function: Step Command 1. Enter system view. system-view 2. (Optional.) Set the handshake dot1x timer handshake-period timer. handshake-period-value 3. Enter Ethernet interface view. interface interface-type interface-number 4. Enable the online handshake function. dot1x handshake Remarks N/A The default is 15 seconds. N/A By default, the function is enabled. Configuring the authentication trigger function The authentication trigger function enables the network access device to initiate 802.1X authentication when 802.1X clients cannot initiate authentication. This function provides the following types of authentication trigger: • Multicast trigger-Periodically multicasts Identity EAP-Request packets out of a port to detect 802.1X clients and trigger authentication. • Unicast trigger-Enables the network device to initiate 802.1X authentication when it receives a data frame from an unknown source MAC address. The device sends a unicast Identity EAP/Request packet to the unknown source MAC address, and retransmits the packet if it has received no response within a period of time. This process continues until the maximum number of request attempts set with the dot1x retry command is reached (see "Setting the maximum number of authentication request attempts"). The identity request timeout timer sets both the identity request interval for the multicast trigger and the identity request timeout interval for the unicast trigger. 72