manualshive.com logo in svg

H3C S3100-52P, Manual

The H3C S3100-52P is a high-performance network switch designed to meet the needs of businesses and organizations. To get started with this powerful device, simply download the Installation Manual for free from manualshive.com. This comprehensive manual provides step-by-step instructions for seamless setup and configuration.

Share
Download
background image

Operation Manual – 802.1x and System Guard 
H3C S3100-52P Ethernet switch 

Chapter 1  802.1x Configuration

 

1-5 

00: Indicates that the packet is an EAP-packet, which carries authentication 

information. 

01: Indicates that the packet is an EAPoL-start packet, which initiates the 

authentication. 

02: Indicates that the packet is an EAPoL-logoff packet, which sends logging off 

requests. 

03: Indicates that the packet is an EAPoL-key packet, which carries key 

information. 

04: Indicates that the packet is an EAPoL-encapsulated-ASF-Alert packet, which 

is used to support the alerting messages of Alerting Standards Forum (ASF). 

z

 

The Length field indicates the size of the Packet body field. A value of 0 indicates 

that the Packet Body field does not exist.  

z

 

The Packet body field differs with the Type field. 

Note that EAPoL-Start, EAPoL-Logoff, and EAPoL-Key packets are only transmitted 

between the supplicant system and the authenticator system. EAP packets are 

encapsulated by RADIUS protocol to allow them successfully reach the authentication 

servers. Network management-related information (such as alarming information) is 

encapsulated in EAPoL-Encapsulated-ASF-Alert packets, which are terminated by 

authenticator systems. 

II. The format of an EAP packet 

For an EAPoL packet with the value of the Type field being EAP-packet, its Packet body 

field is an EAP packet, whose format is illustrated in 

Figure 1-4

0

15

Code

Data

Length

7

Identifier

2

4

N

 

Figure 1-4 

The format of an EAP packet 

In an EAP packet: 

z

 

The Code field indicates the EAP packet type, which can be Request, Response, 

Success, or Failure. 

z

 

The Identifier field is used to match a Response packet with the corresponding 

Request packet. 

z

 

The Length field indicates the size of an EAP packet, which includes the Code, 

Identifier, Length, and Data fields. 

z

 

The Data field carries the EAP packet, whose format differs with the Code field. 

A Success or Failure packet does not contain the Data field, so the Length field of it is 4. 

Summary of Contents for S3100-52P

Page 1: ...oxy Checking 1 20 1 4 2 Configuring Client Version Checking 1 21 1 4 3 Enabling DHCP triggered Authentication 1 22 1 4 4 Configuring Guest VLAN 1 22 1 4 5 Configuring 802 1x Re Authentication 1 23 1 4...

Page 2: ...4 1 4 1 System Guard Overview 4 1 4 1 1 Guard Against IP Attacks 4 1 4 1 2 Guard Against TCN Attacks 4 1 4 1 3 Layer 3 Error Control 4 1 4 2 Configuring System Guard 4 1 4 2 1 Configuring System Guar...

Page 3: ...anced 802 1x Configuration z Displaying and Maintaining 802 1x Configuration z Configuration Example 1 1 Introduction to 802 1x The 802 1x protocol 802 1x for short was developed by IEEE802 LAN WAN co...

Page 4: ...he authenticator system is another entity residing at one end of a LAN segment It authenticates the connected supplicant systems The authenticator system is usually an 802 1x supported network device...

Page 5: ...In this case no packets can pass through it z Controlled port and uncontrolled port are two properties of a port Packets reaching a port are visible to both the controlled port and uncontrolled port...

Page 6: ...ses the information about the supplicant system to the authenticator system The authenticator system in turn determines the state authorized or unauthorized of the controlled port according to the ins...

Page 7: ...licant system and the authenticator system EAP packets are encapsulated by RADIUS protocol to allow them successfully reach the authentication servers Network management related information such as al...

Page 8: ...RADIUS protocol packet for EAP authentication Refer to the Introduction to RADIUS protocol section in the AAA Operation for information about the format of a RADIUS protocol packet The EAP message fie...

Page 9: ...ty and Protected Extensible Authentication Protocol PEAP are available in the EAP relay mode z EAP MD5 authenticates the supplicant system The RADIUS server sends MD5 keys contained in EAP request MD5...

Page 10: ...client to initiate an access request by sending an EAPoL start packet to the switch with its user name and password provided The 802 1x client program then forwards the packet to the switch to start...

Page 11: ...allow the supplicant system to access the network z The supplicant system can also terminate the authenticated state by sending EAPoL Logoff packets to the switch The switch then changes the port sta...

Page 12: ...at in the EAP relay mode except that the randomly generated key in the EAP terminating mode is generated by the switch and that it is the switch that sends the user name the randomly generated key and...

Page 13: ...em if the switch does not receive the response from the supplicant system when this timer times out z Transmission timer tx period This timer sets the tx period and is triggered by the switch in two c...

Page 14: ...but sends no Trap packets z Sends Trap packets without disconnecting the supplicant system This function needs the cooperation of 802 1x client and a CAMS server z The 802 1x client needs to be capabl...

Page 15: ...ables supplicant systems that are not authenticated to upgrade their 802 1x client programs With this function enabled z The switch sends authentication triggering request EAP Request Identity packets...

Page 16: ...username and password any more z An authentication server running CAMS authenticates the username and password during re authentication of a user in the EAP authentication mode but does not in PAP or...

Page 17: ...AA scheme Local authentication RADIUS scheme 802 1x configuration Figure 1 11 802 1x configuration z 802 1x users use domain names to associate with the ISP domains configured on switches z Configure...

Page 18: ...02 1x is disabled globally In system view dot1x interface interface list interface interface type interface number dot1x Enable 802 1x for specified ports In port view quit Required By default 802 1x...

Page 19: ...entication method chap pap eap Optional By default a switch performs CHAP authentication in EAP terminating mode Enable online user handshaking dot1x handshake enable Optional By default online user h...

Page 20: ...or not a user is online z As clients that are not of H3C do not support the online user handshaking function switches cannot receive handshake acknowledgement packets from them in handshaking periods...

Page 21: ...default Set 802 1x timers dot1x timer handshake period handshake period value quiet period quiet period value server timeout server timeout value supp timeout supp timeout value tx period tx period v...

Page 22: ...ecting and so on z Client version checking configuration z DHCP triggered authentication z Guest VLAN configuration z 802 1x re authentication configuration z Configuration of the 802 1x re authentica...

Page 23: ...tch too by using the dot1x version check command 1 4 2 Configuring Client Version Checking Follow these steps to configure client version checking To do Use the command Remarks Enter system view syste...

Page 24: ...mic IP addresses through DHCP Follow these steps to enable DHCP triggered authentication To do Use the command Remarks Enter system view system view Enable DHCP triggered authentication dot1x dhcp lau...

Page 25: ...In port view dot1x re authenticate Required By default 802 1x re authentication is disabled on a port Note z To enable 802 1x re authentication on a port you must first enable 802 1x globally and on t...

Page 26: ...value of the Session timeout attribute field as the re authentication interval The following introduces how to configure the 802 1x re authentication timer on the switch Follow these steps to configu...

Page 27: ...11 1 1 operates as the primary authentication server and the secondary accounting server The other operates as the secondary authentication server and primary accounting server The password for the s...

Page 28: ...n IP addresses to the primary authentication and accounting RADIUS servers Sysname radius radius1 primary authentication 10 11 1 1 Sysname radius radius1 primary accounting 10 11 1 2 Assign IP address...

Page 29: ...ver is invalid specify to adopt the local authentication scheme Sysname isp aabbcc net scheme radius scheme radius1 local Specify the maximum number of users the user domain can accommodate to 30 Sysn...

Page 30: ...s the forcible deployment of EAD clients with 802 1x authentication easing the work of EAD client deployment 2 1 2 Operation of Quick EAD Deployment Quick EAD deployment is achieved with the two funct...

Page 31: ...2 1x on the switch z Set the access mode to auto for 802 1x enabled ports 2 2 2 Configuration Procedure I Configuring a free IP range A free IP range is an IP range that users can access before passin...

Page 32: ...upport port security The configured free IP range cannot take effect if you enable port security II Setting the ACL timeout period The quick EAD deployment function depends on ACLs in restricting acce...

Page 33: ...Quick EAD Deployment Configuration Example I Network requirements A user connects to the switch directly The switch connects to the Web server and the Internet The user will be redirected to the Web s...

Page 34: ...than the dotted decimal notation the user may not be redirected This is related with the operating system used on the PC In this case the PC considers the IP address string a name and tries to resolve...

Page 35: ...802 1x authentications when traveling between HABP enabled switches through which management devices can obtain the MAC addresses of the attached switches and thus the management of the attached swit...

Page 36: ...HABP server to send HABP request packets is 20 seconds 3 3 HABP Client Configuration HABP clients reside on switches attached to HABP servers After you enable HABP for a switch the switch operates as...

Page 37: ...ion Manual 802 1x and System Guard H3C S3100 52P Ethernet switch Chapter 3 HABP Configuration 3 3 To do Use the command Remarks Display statistics on HABP packets display habp traffic Available in any...

Page 38: ...ding packets for that host z If the packets from the infected host need processing by the CPU the switch decreases the precedence of such packets and discards the packets already delivered to the CPU...

Page 39: ...d is 30 record times threshold is 1 and isolate time is 3 Note The correlations among the arguments of the system guard ip detect threshold command can be clearly described with this example If you se...

Page 40: ...10 second monitoring cycle the system will not send trap or log information in the next 10 second monitoring cycle 4 2 3 Enabling Layer 3 Error Control Follow these steps to enable Layer 3 error contr...

Reviews:

No comments

Related manuals for S3100-52P

Quick TMS Manual Of Installation And Use preview
TMS
Brand: Quick Pages: 28
Cables to Go 40020 Instruction Manual preview
40020
Brand: Cables to Go Pages: 4
Edimax GS-1016 Datasheet preview
GS-1016
Brand: Edimax Pages: 2
ORVIBO ZigBee Mini Hub Faq preview
ZigBee Mini Hub
Brand: ORVIBO Pages: 3
S+S Regeltechnik Premasreg 716 Series Operating Instructions, Mounting & Installation preview
Premasreg 716 Series
Brand: S+S Regeltechnik Pages: 32
Saitek Hi-Speed USB 2.0 Hub User Manual preview
Hi-Speed USB 2.0 Hub
Brand: Saitek Pages: 14
W2IIHY 3 4 Operating Manual preview
3 4
Brand: W2IIHY Pages: 28
DigitalZone Sound Switcher Installation Manual preview
Sound Switcher
Brand: DigitalZone Pages: 20
Planet XGS-6350-12X8TR Quick Installation Manual preview
XGS-6350-12X8TR
Brand: Planet Pages: 16
MiLAN MIL-S500 User Manual preview
MIL-S500
Brand: MiLAN Pages: 12
Edge-Core Wedge-16X-AC Quick Start Manual preview
Wedge-16X-AC
Brand: Edge-Core Pages: 2
Eaton XTCE095F F47 Series Instruction Leaflet preview
XTCE095F F47 Series
Brand: Eaton Pages: 2
3onedata IES2010 Series Quick Installation Manual preview
IES2010 Series
Brand: 3onedata Pages: 2
Eaton Pow-R-Line CS Instruction Manual preview
Pow-R-Line CS
Brand: Eaton Pages: 20
Globalmediapro ECRAFT SMART HOME Series Quick Start Manual preview
ECRAFT SMART HOME Series
Brand: Globalmediapro Pages: 4
Rose electronics Orion XC OXS-XC008-FS Installation And Operation Manual preview
Orion XC OXS-XC008-FS
Brand: Rose electronics Pages: 132
ZyXEL Communications XGS-4728F User Manual preview
XGS-4728F
Brand: ZyXEL Communications Pages: 426
CYP CSC-5500CVE Operation Manual preview
CSC-5500CVE
Brand: CYP Pages: 40

Brands by name

Popular brands

Load more brands