R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

101

102

103

104

105

106

107

108

109

110

made the maximum retransmission attempts but received no response, it stops the 802.1X

authentication process for the client.

• If the device receives an EAP-Response/Notification packet within the timer or before the maximum

retransmission attempts have been made, it starts the SmartOn authentication. If the SmartOn

switch ID and the MD5 digest of the SmartOn password in the packet match those on the device,

802.1X authentication continues for the client. Otherwise, the device denies the client's 802.1X

authentication request.

To configure 802.1X SmartOn:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter Ethernet interface view.

interface interface-type

interface-number

N/A

3. Enable the SmartOn feature on

the port.

dot1x smarton By default, this feature is disabled.

4. Return to system view.

quit N/A

5. Configure the SmartOn switch

ID.

dot1x smarton switchid

switch-string

By default, no SmartOn switch ID is

configured.

6. Configure the SmartOn

password.

dot1x smarton password { cipher

cipher-string | simple plain-string }

By default, no SmartOn password

is configured.

7. (Optional.) Set the SmartOn

client timeout timer.

dot1x smarton timer supp-timeout

The default timer is 30 seconds.

8. (Optional.) Configure the

maximum attempts for

retransmitting an

EAP-Request/Notification

packet to a client.

dot1x smarton retry retries

By default, the device allows a

maximum of 3 attempts for

retransmitting an

EAP-Request/Notification packet

to a client.

Displaying and maintaining 802.1X

Execute the display commands in any view and reset commands in user view.

Task Command

Display 802.1X session information,

statistics, or configuration information of

specified or all ports.

display dot1x [ sessions | statistics ] [ interface interface-type

interface-number ]

Display online 802.1X user information

(MSR2000/MSR3000).

display dot1x connection [ interface interface-type interface-number

| user-mac mac-addr | user-name name-string ]

Display online 802.1X user information

(MSR4000).

display dot1x connection [ interface interface-type interface-number

| slot slot-number | user-mac mac-addr | user-name name-string ]

Clear 802.1X statistics.

reset dot1x statistics [ interface interface-type interface-number ]

Remove users from the 802.1X guest

VLAN on a port.

reset dot1x guest-vlan interface interface-type interface-number

[ mac-address mac-address ]