R2511-HP MSR Router Series Security Configuration Guide(V5)
Enabling key negotiation
After a user passes 802.1X authentication, a WLAN port uses EAPOL-Key frames to negotiate the
link-layer session key with the user if the key negotiation function is enabled.
• If key negotiation is enabled, an authenticated user is allowed to access the port only after the
key negotiation succeeds.
• If key negotiation is disabled, a user can directly access the port after passing authentication.
To enable key negotiation:
Step                                          Command                                    Remarks
1. Enter system view.                         system-view                                N/A
2. Enter interface view.                      interface interface-type interface-number  N/A
3. Enable key negotiation of the 11key type.  port-security tx-key-type 11key            Disabled by default.
Configuring a PSK
A PSK pre-configured on the device is used to negotiate the session key between the user and the device.
To configure a PSK:
Step                      Command                                                                        Remarks
1. Enter system view.     system-view                                                                    N/A
2. Enter interface view.  interface interface-type interface-number                                      N/A
3. Configure a PSK.       port-security preshared-key { pass-phrase | raw-key } [ cipher | simple ] key  By default, no PSK is configured.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (a RADIUS
server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
Step                                                                              Command                                    Remarks
1. Enter system view.                                                             system-view                                N/A
2. Enter interface view.                                                          interface interface-type interface-number  N/A
3. Ignore the authorization information received from the authentication server.  port-security authorization ignore         By default, a port uses the authorization information received from the authentication server.
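The following audit script is an added example, not part of the HP guide: it reads a saved configuration and reports, per interface, the state of the three settings described above (key negotiation, PSK keyword, ignored server authorization). The sample configuration, the interface names, the "#" section separators and the "WLAN-" naming test are assumptions made for illustration.

```python
import re

# Constructed sample configuration. Interface names, key values and the "#"
# section separators are assumptions for illustration, not taken from the guide.
SAMPLE_CONFIG = """\
#
interface WLAN-BSS1
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher EXAMPLE-CIPHERTEXT
#
interface WLAN-BSS2
 port-security preshared-key pass-phrase simple example-passphrase
 port-security authorization ignore
#
interface Ethernet0/1
 port-security authorization ignore
#
"""

KEY_NEG = "port-security tx-key-type 11key"
AUTHZ_IGNORE = "port-security authorization ignore"
PSK_RE = re.compile(
    r"port-security preshared-key (pass-phrase|raw-key)(?: (cipher|simple))? \S+")


def parse_interfaces(text):
    """Map each interface name to the indented command lines under it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if raw.startswith("interface "):
            current = blocks.setdefault(raw.split(None, 1)[1].strip(), [])
        elif not raw.startswith(" "):
            current = None  # "#" or any other top-level line closes the block
        elif current is not None:
            current.append(raw.strip())
    return blocks


def audit(text):
    """Return (interface, finding) pairs in configuration order."""
    findings = []
    for name, cmds in parse_interfaces(text).items():
        # Assumption: WLAN ports are the interfaces whose name starts with "WLAN-".
        if name.upper().startswith("WLAN-") and KEY_NEG not in cmds:
            findings.append((name, "key negotiation not enabled"))
        psk = next((m for m in map(PSK_RE.match, cmds) if m), None)
        if psk and psk.group(2) == "simple":
            findings.append((name, "PSK configured with the simple keyword"))
        if AUTHZ_IGNORE in cmds:
            findings.append((name, "server authorization information ignored"))
    return findings
```

Whether a finding is a problem depends on the deployment: ignoring server authorization, for example, is a supported setting, so the report is a review list rather than a pass/fail result.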










