R0106-HP MSR Router Series Security Configuration Guide(V7)
| Step | Command | Remarks |
|---|---|---|
| 2. Enter Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Specify a mandatory 802.1X authentication domain on the port. | dot1x mandatory-domain domain-name | By default, no mandatory 802.1X authentication domain is specified. |
Configuring the quiet timer
The quiet timer enables the network access device to wait a period of time before it can process any
authentication request from a client that has failed an 802.1X authentication.
You can set the quiet timer to a high value in a vulnerable network or a low value for quicker
authentication response.
To configure the quiet timer:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the quiet timer. | dot1x quiet-period | By default, the timer is disabled. |
| 3. (Optional.) Set the quiet timer. | dot1x timer quiet-period quiet-period-value | The default is 60 seconds. |
Enabling the periodic online user reauthentication function
Periodic online user reauthentication tracks the connection status of online users, and updates the
authorization attributes assigned by the server. The attributes include the ACL and VLAN. The
reauthentication interval is user configurable.
The session timeout timer and termination action attributes assigned by the server can affect the periodic
online user reauthentication function. To display the server-assigned session timeout timer and
termination action attributes, use the display dot1x connection command.
• If the termination action is Default, make sure the periodic reauthentication timer is shorter than the
session timeout timer. Otherwise the device logs off the online authenticated users when the session
timeout timer expires.
• If the termination action is Radius-request, the periodic online user reauthentication configuration
does not take effect on the device. The device reauthenticates the online 802.1X users when the
session timeout timer expires.
Support for the server assignment of session timeout timer and termination action varies with servers.
The VLANs assigned to an online user before and after reauthentication can be the same or different.
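The following Python check is an added example, not part of the HP guide: it applies the two termination-action rules above to a set of sessions and reports the largest reauthentication timer that logs off no user. It assumes periodic reauthentication is enabled; the session records are constructed (in practice the values would be read from display dot1x connection), and the names Session, outcome and audit are illustrative.

```python
from dataclasses import dataclass


@dataclass
class Session:
    """One online 802.1X user with its server-assigned attributes (constructed model)."""
    user: str
    termination_action: str  # "Default" or "Radius-request"
    session_timeout: int     # server-assigned session timeout timer, in seconds


def outcome(session: Session, reauth_timer: int) -> str:
    """Apply the two termination-action rules to one session.

    Assumes periodic reauthentication is enabled with interval reauth_timer (seconds).
    """
    action = session.termination_action.strip().lower()
    if action == "radius-request":
        # Local periodic reauthentication settings do not take effect.
        return "reauth-at-session-timeout"
    if action == "default":
        # The reauthentication timer must be strictly shorter than the session timeout.
        if reauth_timer < session.session_timeout:
            return "periodic-reauth"
        return "logoff-at-session-timeout"
    raise ValueError(f"unknown termination action: {session.termination_action!r}")


def audit(sessions, reauth_timer):
    """Return ({user: outcome}, largest reauth timer that logs off no Default session)."""
    report = {s.user: outcome(s, reauth_timer) for s in sessions}
    timeouts = [s.session_timeout for s in sessions
                if s.termination_action.strip().lower() == "default"]
    max_safe = min(timeouts) - 1 if timeouts else None
    return report, max_safe


# Constructed sample sessions, not output captured from a device.
SAMPLE = [
    Session("alice", "Default", 3600),
    Session("bob", "Default", 1800),
    Session("carol", "Radius-request", 900),
]

if __name__ == "__main__":
    for timer in (3600, 1200):
        report, max_safe = audit(SAMPLE, timer)
        print(f"reauth timer {timer}s -> {report}; largest safe timer: {max_safe}s")
```
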
To enable the periodic online user reauthentication function:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |