This function needs the cooperation of iNode client and a iMC server.

z

z

The iNode client needs to capable of detecting multiple network adapters, proxies, and IE proxies. The iMC server is configured to disable the use of multiple network adapters, proxies, or IE proxies.

By default, an iNode client program allows use of multiple network adapters, proxies, and IE proxies. In this case, if the iMC server is configured to disable use of multiple network adapters, proxies, or IE proxies, it prompts the iNode client to disable use of multiple network adapters, proxies, or IE proxies through messages after the supplicant system passes the authentication.

z

z

The client-checking function needs the support of iNode client program.

To implement the proxy detecting function, you need to enable the function on both the iNode client program and the iMC server in addition to enabling the client version checking function on the device by using the dot1x version-checkcommand.

Checking the client version

With the iNode client version-checking function enabled, the device checks the version and validity of an iNode client to prevent unauthorized users or users with earlier versions of iNode client from logging in.

This function makes the device to send version-requesting packets again if the iNode client fails to send version-reply packet to the device when the version-checking timer times out.

The iNode client version-checking function needs the support of an iNode client program.

The Guest VLAN function

The Guest VLAN function enables supplicant systems that are not authenticated to access network resources in a restrained way.

The Guest VLAN function enables supplicant systems that do not have iNode client installed to access specific network resources. It also enables supplicant systems that are not authenticated to upgrade their iNode client programs.

With this function enabled:

z

z

z

The device sends authentication request (EAP-Request/Identity) packets to all the 802.1x-enabled ports.

After the maximum number retries have been made and there are still ports that have not sent any response back, the device will then add these ports to the Guest VLAN.

Users belonging to the Guest VLAN can access the resources of the Guest VLAN without being authenticated. But they need to be authenticated when accessing external resources.

Normally, the Guest VLAN function is coupled with the dynamic VLAN delivery function.

1-10

Page 231
Image 231
3Com WX3000 operation manual Checking the client version, Guest Vlan function