Configuring user endpoint settings, Configuring endpoint aging time parameters, Configuring user – H3C Technologies H3C Intelligent Management Center User Manual

583

{

Heartbeat Timeouts—Set the time permitted for heartbeat timeout. A policy server determines

that the heartbeat times out if it does not receive any heartbeat packet from an iNode client
within the heartbeat interval. If the heartbeat timeouts exceeds the specified value, the policy

server determines that the iNode client is abnormal.

{

Packet Compression and Encryption—Configure the packet compression and encryption feature.
If you select Enable, policy servers exchange compressed and encrypted communication

packets with iNode clients. If you select Disable, the communication packets are neither
compressed nor encrypted. The feature can prevent errors that occur during transmission of

extra-large packets, and can also enhance communication security. Always enable this feature

expect for troubleshooting and maintaining your policy servers.

5.

Click OK.

Configuring user endpoint settings

User endpoint settings include global parameters for transparent portal authentication and transparent
MAC authentication.
To configure user endpoint settings:

1.

Click the User tab.

2.

Select User Access Policy > Service Parameters > System Settings from the navigation tree.
The list includes all the system settings.

3.

Click the Configure icon for User Endpoint Settings.

4.

Configure the following user endpoint settings:

{

Transparent MAC Authentication—Select Enable or Disable for transparent MAC authentication
on endpoints.

{

Max. Device for Single Account—Specify the number of devices that can be associated with
each account for transparent MAC authentication.

{

Transparent Portal Authentication on Nonsmart Devices—Select Enable or Disable for
transparent portal authentication on nonsmart devices. If it is disabled, a user must pass

transparent portal authentication on a smart device. If it is enabled, a user can pass transparent

portal authentication on any mobile device.

{

Log off User with Endpoint Conflict—Select Yes or No to allow or reject user transparent MAC

authentication when an endpoint conflict occurs.

UAM compares the method (iNode, DHCP, User Agent, or MAC) to obtain the endpoint
information (vendor, endpoint type, and operating system) with that recorded in the endpoint

list. If different endpoint information is obtained through the same method, UAM considers it

an endpoint conflict.

5.

Click OK.

Configuring endpoint aging time parameters

The endpoint aging time determines how long a MAC-to-account binding is valid for a login session on

the endpoint. When the binding expires, the endpoint must be re-authenticated through anonymous

MAC authentication and transparent MAC authentication to access the network again.
UAM removes expired MAC-to-account bindings at 00:00 every day.