Command Line Interface Reference Guide

aaa

 

 

secondary < local none authorized > -- Specify the backup authentication method for access control. (p. 48)

web-based-- Configure authentication mechanism used to control web-based port access to the switch (p. 55)

primary < chap-radius peap-mschapv2 > -- Specify the primary authentication method for access control. (p. 44)

secondary < none authorized > -- Specify the backup authentication method for access control. (p. 48)

aaa authorization -- Configure authorization parameters on the switch (p. 30)

commands -- Configure exec (shell) commands authorization. (p. 31)

primary_method < radius none > --(p. 47)

aaa port-access-- Configure 802 (p. 42)

authenticator -- Configure 802 (p. 28)

active -- Activate/deactivate 802.1X authenticator. (p. 27)

PORT-LIST-- Manage 802.1X on the device port(s). ([ethernet] PORT-LIST) (p. 43)

auth-vid-- Configures VLAN where to move port after successful authentication (not configured by default). (p. 30)

VLAN-ID-- Configures VLAN where to move port after successful authentication (not configured by default). (VLAN-ID) (p. 54)

clear-statistics-- Clear the authenticator statistics. (p. 31)

client-limit-- Set the maximum number of clients to allow on the port. (p. 31)

NUMBER-OF-CLIENTS< 1 to 32 > -- Set the maximum number of clients to allow on the port. (NUMBER) (p. 42)

control < authorized auto unauthorized > -- Set the authenticator to Force Authorized, Force Unauthorized or Auto state (default Auto). (NUMBER) (p. 32)

initialize -- Reinitialize the authenticator state machine. (p. 35)

logoff-period< 1 to 999999999 > -- Set period of time after which a client will be considered removed from the port for a lack of activity. (NUMBER) (p. 36)

max-requests< 1 to 10 > -- Set maximum number of times the switch retransmits authentication requests (default 2). (NUMBER) (p. 39)

quiet-period< 0 to 65535 > -- Set the period of time the switch does not try to acquire a supplicant (default 60 sec.). (NUMBER) (p. 47)

reauthenticate -- Force re-authentication to happen. (p. 47)

reauth-period< 0 to 9999999 > -- Set the re-authentication timeout (in seconds, default 0); set to '0' to disable re-authentication. (NUMBER) (p. 47)

server-timeout< 1 to 300 > -- Set the authentication server response timeout (default 30sec.). (NUMBER) (p. 50)

supplicant-timeout< 1 to 300 > -- Set the supplicant response timeout on an EAP request (default 30 sec.). (NUMBER) (p. 52)

tx-period< 1 to 65535 > -- Set the period of time the switch waits until retransmission of EAPOL PDU (default 30 sec.). (NUMBER) (p. 53)

unauth-period< 0 to 255 > -- Set period of time the switch waits for authentication before moving the port to the VLAN for unauthenticated clients. (NUMBER) (p. 53)

unauth-vid-- Configures VLAN where to keep port while there is an unauthenticated client connected (not configured by default). (p. 53)

VLAN-ID-- Configures VLAN where to keep port while there is an unauthenticated client connected (not configured by default). (VLAN-ID) (p. 54)

gvrp-vlans-- Enable/disable the use of RADIUS-assigned dynamic (GVRP) VLANs (p. 34)

mac-based-- Configure MAC address based network authentication on the device or the device's port(s) (p. 37)

addr-format< no-delimiter single-dash multi-dash ... > -- Set the MAC address format to be used in the RADIUS request message (default no-delimiter).(p. 27)

© 2009 Hewlett-Packard Development Company, L.P.

23