HP A 5120 Manual
Here you can view all the pages of the HP A 5120 Manual. The HP manuals for switches are available online for free. You can easily download all the documents as PDF.
Page 181
To do: Display information about users blacklisted due to authentication failure
Use the command: display password-control blacklist [ user-name name | ip ipv4-address | ipv6 ipv6-address ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do: Delete users from the blacklist
Use the command: reset password-control blacklist [ user-name name ]
Remarks: Available in user view

To do: Clear history password records
Use the command: reset password-control history-record [ user-name name | super [ level...
Page 182
[Sysname] password-control aging 30
# Set the minimum password update interval to 36 hours.
[Sysname] password-control password update interval 36
# Specify that a user can log in five times within 60 days after the password expires.
[Sysname] password-control expired-user-login delay 60 times 5
# Set the maximum account idle time to 30 days.
[Sysname] password-control login idle-time 30
# Refuse any password that contains the username or the reverse of the username.
[Sysname]...
Page 183
User authentication timeout: 60 seconds
Maximum failed login attempts: 2 times
Login attempt-failed action: Lock
Minimum password update time: 36 hours
User account idle-time: 30 days
Login with aged password: 5 times in 60 day(s)
Password complexity: Enabled (username checking)
                     Enabled (repeated characters checking)
# Display the password control configuration information for...
Page 184
HABP configuration
HABP overview
The HW Authentication Bypass Protocol (HABP) is intended to enable the downstream network devices of an access device to bypass 802.1X authentication and MAC authentication configured on the access device.
As shown in Figure 49, 802.1X authenticator Switch A has two switches attached to it: Switch B and Switch C. On Switch A, 802.1X authentication is enabled globally and on the ports connecting the downstream network...
Page 185
CAUTION: In a cluster, if a member switch with 802.1X authentication or MAC authentication enabled has other member switches of the cluster attached to it, you must also configure the HABP server on this switch. Otherwise, the cluster management device will not be able to manage the devices attached to this member switch. For more information about the cluster function, see the Network Management and Monitoring Configuration Guide.
Configuring HABP
Configuring the HABP server
An...
Page 186
To do: Configure HABP to work in client mode
Use the command: undo habp server
Remarks: Optional. HABP works in client mode by default.

To do: Specify the VLAN to which the HABP client belongs
Use the command: habp client vlan vlan-id
Remarks: Optional. By default, an HABP client belongs to VLAN 1.

NOTE: The VLAN to which an HABP client belongs must be the same as that specified on the HABP server for transmitting HABP packets.

Displaying and maintaining HABP
To do: Display HABP...
Page 187
Figure 50 Network diagram for HABP configuration
Configuration procedure
1. Configure Switch A
# Perform 802.1X related configurations on Switch A. For more information about 802.1X configurations, see the chapter "802.1X configuration."
# Enable HABP. (Because HABP is enabled by default, this configuration is optional.)
system-view
[SwitchA] habp enable
# Configure HABP to work in server mode, and specify VLAN 1 for HABP packets.
[SwitchA] habp server vlan 1
# Set the...
Page 188
Configurations on Switch C are similar to those on Switch B.
4. Verify your configuration
# Display HABP configuration information.
display habp
Global HABP information:
HABP Mode: Server
Sending HABP request packets every 50 seconds
Bypass VLAN: 1
# Display HABP MAC address table entries.
display habp table
MAC             Holdtime  Receive Port
001f-3c00-0030  53        GigabitEthernet1/0/2
001f-3c00-0031  53        GigabitEthernet1/0/1
Page 189
Public key configuration
Asymmetric key algorithm overview
Basic concepts
Algorithm: A set of transformation rules for encryption and decryption.
Plain text: Information that has not been encrypted.
Cipher text: Encrypted information.
Key: A string of characters that controls the transformation between plain text and cipher text. It is used in both encryption and decryption.
Key algorithm types
The information in plain text is encrypted by an algorithm with the...
Page 190
Digital signature—The sender signs the information to be sent by encrypting the information with its own private key. A receiver decrypts the information with the sender's public key and, based on whether the information can be decrypted, determines the authenticity of the information.
The Rivest-Shamir-Adleman Algorithm (RSA) and the Digital Signature Algorithm (DSA) are both asymmetric key algorithms. RSA can be used for data encryption/decryption and signature,...