Command Line Interface Reference Guide

aaa

 

 

web-based -- Configure authentication mechanism used to control web-based port access to the switch (p. 55)

mac-based -- Configure authentication mechanism used to control mac-based port access to the switch (p. 37)

num-attempts <1 to 10> -- Specify the maximum number of login attempts allowed (p. 42)

login -- Specify that switch respects the authentication server's privilege level (p. 36)

authenticator

aaa port-access authenticator

Usage: [no] aaa port-access authenticator active
       [no] aaa port-access authenticator [ethernet] PORT-LIST
           [control <authorized|auto|unauthorized>
            quiet-period <0-65535>
            tx-period <1-65535>
            supplicant-timeout <1-300>
            server-timeout <1-300>
            max-requests <1-10>
            reauth-period <0-9999999>
            auth-vid VLAN-ID
            unauth-vid VLAN-ID
            unauth-period <0-255>
            logoff-period <1-999999999>
            client-limit [<1-32>]
            initialize
            reauthenticate
            mac-addr MAC-ADDRESS
            clear-statistics]

Description: Configure 802.1X (Port Based Network Access) authentication on the device or the device's port(s).

The first form of the command activates or deactivates authentication on the device. By default, authentication is deactivated. 802.1X authentication does not run on the switch until you use this command to enable it.

The second form of the command enables, disables, or configures authentication on the device's individual ports.

While authentication is deactivated, access to the network is granted on all switch ports regardless of whether 802.1X is enabled on the port.

The 'no' keyword cannot be used with any of the optional parameters that follow PORT-LIST.

802.1X must be enabled on a port before any of the following optional parameters can be configured on the port.

o 'control' sets the authenticator to (Force) Authorized, (Force) Unauthorized or Auto state (default 'Auto').

  - Auto: Grants network access to a connected device that supports 802.1X authentication and provides valid credentials.

  - Authorized: Grants access to any devices connected to the port(s). In this case, the devices do not have to provide 802.1X credentials or support 802.1X authentication. (Also termed "Force Authorized".)

  - Unauthorized: In this state, the port blocks access to any connected device, regardless of whether the device provides the correct credentials and has 802.1X support.

o 'quiet-period' sets the period of time during which the

© 2009 Hewlett-Packard Development Company, L.P.
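
An added example (not from the HP guide): a Python check that reads saved configuration lines in the command form shown in the Usage text and reports the states the description calls out: authenticator not active on the device, 802.1X not enabled on an edge port, and 'control' forced to Authorized or Unauthorized. The function names, the numeric port-list format ("1-4,7") and the sample configuration are assumptions constructed for illustration.

```python
import re

# Per-port form from the Usage text. Numeric port lists such as "1-4,7" are an
# assumption; adjust the pattern to the device's port naming.
PORT_CMD = re.compile(r"^aaa port-access authenticator (?:ethernet )?(\d[\d,-]*)(.*)$")
CONTROL = re.compile(r"\bcontrol (authorized|auto|unauthorized)\b")

def expand(port_list):
    """Expand '1-3,7' into {1, 2, 3, 7}."""
    ports = set()
    for part in filter(None, port_list.split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text, access_ports):
    """Return (port or None, finding) tuples for the listed edge ports."""
    active, control = False, {}  # control maps port -> state
    for line in map(str.strip, config_text.splitlines()):
        active = active or line == "aaa port-access authenticator active"
        m = PORT_CMD.match(line)
        c = CONTROL.search(m.group(2)) if m else None
        for p in expand(m.group(1)) if m else ():
            # 'auto' is the documented default for an enabled port
            control[p] = c.group(1) if c else control.get(p, "auto")
    findings = []
    if not active:
        findings.append((None, "authenticator not active: every port grants access"))
    for p in sorted(access_ports):
        state = control.get(p)
        if state is None:
            findings.append((p, "802.1X not enabled on port"))
        elif state == "authorized":
            findings.append((p, "force-authorized: no credentials required"))
        elif state == "unauthorized":
            findings.append((p, "force-unauthorized: port blocks every device"))
    return findings

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """\
aaa port-access authenticator 1-4
aaa port-access authenticator 3 control authorized
aaa port-access authenticator 4 control unauthorized
"""

if __name__ == "__main__":
    for port, finding in audit(SAMPLE, range(1, 6)):
        print("global" if port is None else f"port {port}", "-", finding)
```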
