H3C Technologies H3C Intelligent Management Center User Manual

93

−

Kick Out Mode—Disconnects the access user who fails any security check item defined in

the security policy, informs the user of the security vulnerability on the user endpoint, and
generates a security log.

−

Guest Mode—Disconnects the access user 5 minutes after the user fails any security check
item defined in the security policy, informs the user of the security vulnerability on the user

endpoint, and generates a security log.

If an operator has modified the settings, the user-defined settings apply.

{

Check Anti-Virus Software—Select this option if you want EAD to check the anti-virus software
on the user endpoint.

{

Check Required Processes—Select this option if you want EAD to check a process on the user
endpoint, and then enter the process name. Make sure the process name is the same as that in

the Windows Task Manager. This parameter takes effect on only Windows endpoints.

6.

Select Access Device Configuration.
The Access Device Configuration area appears.

7.

In the Access Device Configuration area, click Add Devices if your access device is not added to the

IMC platform. The page for adding devices to IMC appears. For more information, see HP
Intelligent Management Center v7.0 Enterprise and Standard Platform Administrator Guide.

8.

Select the authentication method to use: 802.1X Authentication or Portal Authentication. The page
refreshes to display the authentication parameters according to the authentication method you

select.

9.

If you selected 802.1X Authentication, configure the following parameters:

{

Access Device—Click Select Device and AuthN Port, and then in the popup window, select one
or more ports for which you want to enable 802.1X authentication.

To ensure successful configuration, make sure the selected ports are the bridge link type and
located on HP Comware, general HP, or general H3C devices.

{

Authentication Port—The Authentication Port area is automatically populated with the
description and alias of the ports you selected for 802.1X authentication.

10.

If you selected Portal Authentication, configure the following parameters:

{

Access Device—Click Select Device and AuthN Port, and then in the popup window, select one

port for which you want to enable portal authentication.

To ensure successful configuration, make sure the selected port is not a null or loopback port,
has an IP address configured, and is located on an HP Comware, general HP, or general H3C

device.

{

Network Mode—Select the network mode used by the access device. Select Layer 3 if Layer 3
devices exist between the endpoint user and the access device. Otherwise, select Directly

Connected.

{

Source Authentication Network—Enter the range of the IP addresses for which portal
authentication is permitted.

The access device uses this parameter to determine whether portal authentication is permitted

for the user. This parameter is required when Layer 3 is selected as the network mode.
Otherwise, it is optional.

{

Start/End IP in IP Address Group—Enter the start and end IP addresses of the IP address group
for which portal authentication is permitted.

UAM uses the IP address group to determine whether portal authentication is permitted for the
user. The IP address group cannot exceed the range of the source authentication network.