Configuration guidelines, Configuration procedure, Configuring the authentication trigger function – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 133
119
Configuration guidelines
Follow these guidelines when you configure the online user handshake function:
•
To use the online handshake security function, make sure the online user handshake function is
enabled. H3C recommends that you use the iNode client software and iMC server to guarantee the
normal operation of the online user handshake security function.
•
If the network has 802.1X clients that cannot exchange handshake packets with the network access
device, disable the online user handshake function to prevent their connections from being
inappropriately torn down.
Configuration procedure
To configure the online user handshake function:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the handshake timer.
dot1x timer handshake-period
handshake-period-value
Optional.
The default is 15 seconds.
3.
Enter Layer 2 Ethernet or
WLAN-ESS interface view.
interface interface-type
interface-number
N/A
4.
Enable the online handshake
function.
dot1x handshake
Optional.
Enabled by default.
5.
Enable the online handshake
security function.
dot1x handshake secure
Optional.
Disabled by default.
Configuring the authentication trigger function
The authentication trigger function enables the network access device to initiate 802.1X authentication
when 802.1X clients cannot initiate authentication.
This function provides the following types of authentication trigger:
•
Multicast trigger—Periodically multicasts Identity EAP-Request packets out of a port to detect 802.1X
clients and trigger authentication.
•
Unicast trigger—Enables the network device to initiate 802.1X authentication when it receives a
data frame from an unknown source MAC address. The device sends a unicast Identity
EAP/Request packet to the unknown source MAC address, and retransmits the packet if it has
received no response within a period of time. This process continues until the maximum number of
request attempts set with the dot1x retry command (see "
authentication request attempts
") is reached.
The identity request timeout timer sets both the identity request interval for the multicast trigger and the
identity request timeout interval for the unicast trigger.
Configuration guidelines
Follow these guidelines when you configure the authentication trigger function:
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000