3com S7906E Instruccion De Instalación
1-16
Enabling the Online User Handshake Function
The online user handshake function allows the device to send handshake messages to online users to
check whether the users are still online at the interval specified by the dot1x timer handshake-period
command. If the device does not receive any response from an online user after the device has sent the
handshake packet for the maximum number of times, which is set by the dot1x retry command, the
device will set the user state to offline.
Follow these steps to configure the online user handshake function:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet interface view
interface interface-type
interface-number
interface-number
—
Enable the online handshake
function
function
dot1x handshake
Optional
Enabled by default
z
You need to disable proxy detection before disabling the online user handshake function.
z
Some 802.1X clients do not support exchanging handshake packets with the device. In this case,
you need to disable the online user handshake function on the device; otherwise the device will
tear down the connections with such online users for not receiving handshake responses.
Enabling the Proxy Detection Function
With the proxy detection function enabled, the device can prevent users from logging in through proxies,
that is, authenticated 802.1X clients, so that no user can access network resources through a proxy or
bypass monitoring and accounting. If detecting that a user is logging in through a proxy, the device will
send a trap message to the network management system or/and force the user offline by sending an
offline message.
The proxy detection function is based on the online user handshake function. Before enabling the proxy
detection function, make sure that the online user handshake function is enabled. For how to configure
the online user handshake function, refer to
Follow these steps to configure the proxy detection function:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable the proxy detection
function globally
function globally
dot1x supp-proxy-check
{ logoff | trap }
{ logoff | trap }
Required
Disabled by default