Command Line Interface Reference Guide

aaa

 

 

switch does not try to acquire a supplicant after a failed authentication attempt (default 60 seconds).

o 'tx-period' sets the period of time the switch waits to retransmit the next EAPOL PDU during an authentication session (default 30 seconds).

o 'server-timeout' sets the period of time after which the switch assumes that authentication has timed out (default 30 seconds).

o 'supp-timeout' sets the period of time after which the switch decides that a supplicant has not responded to an EAP request (default 30 seconds).

o 'max-requests' sets the maximum number of times the switch retransmits a request to the backend authentication system (RADIUS server) before closing the current authentication session (default 2).

o 'reauth-period' sets the period of time after which connected clients must be re-authenticated. When the timeout is set to 0, re-authentication is disabled (default 0 seconds).

o 'auth-vid' configures the VLAN to which the port is moved after successful authentication. The RADIUS server can override the value. Use the 'no' form of the command to set this PVID to 0. If the PVID is set to 0, no PVID changes occur unless the RADIUS server requests them. Changes take effect after client reauthentication. The default is 0.

o 'unauth-vid' configures the VLAN to which the port is moved if an unauthorized client has been connected on the port and there is no other client on the port. The switch waits for the amount of time specified as the 'unauth-period' before the port is moved to this VLAN. If the port PVID is successfully set to the configured value, the port becomes unblocked and the client can communicate with other members of this VLAN. Use the 'no' form of the command to set this PVID to 0. Changes take effect immediately. The default is 0.

o 'unauth-period' sets the period of time the switch waits for authentication before assigning the 'unauth-vid' to the port if an unauthenticated client has been detected on this port. The default is 0 seconds.

o 'logoff-period' sets the period of time after which a client is considered removed from the port for lack of activity. The default is 300 seconds.

o 'client-limit' sets the maximum number of clients to allow on the port. This includes ALL clients (authenticated and unauthenticated).

NOTE: No more than 32 unique client MAC addresses can be authorized by both 802.1X and MAC/web-based authentication together on the same port.

The 'no... client-limit' command allows an unlimited number of clients on the port. The authenticator makes no distinction between clients and operates the port as a single protocol entity with

© 2009 Hewlett-Packard Development Company, L.P.
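
The following Python audit is an added example, not part of the HP guide: it applies the defaults listed above to a switch configuration and reports, per port, the states the text calls out (re-authentication disabled, an 'auth-vid' that waits on reauthentication, an active 'unauth-vid', no 'client-limit'). The line form `[no] aaa port-access authenticator <port> <parameter> <value>`, the finding names, treating an absent 'client-limit' as unlimited, applying the 'no' form to every tracked parameter, and the sample configuration are assumptions.

```python
import re

# Defaults as listed in the reference text above (periods in seconds); None = no client
# limit, and treating an absent client-limit line as unlimited is an assumption.
DEFAULTS = {"tx-period": 30, "server-timeout": 30, "supp-timeout": 30, "max-requests": 2,
            "reauth-period": 0, "auth-vid": 0, "unauth-vid": 0, "unauth-period": 0,
            "logoff-period": 300, "client-limit": None}
# Assumed line form: [no] aaa port-access authenticator <port> [<parameter> [<value>]]
LINE = re.compile(r"^(no )?aaa port-access authenticator (\S+)(?: ([a-z-]+)(?: (\d+))?)?$")

def effective_settings(config_text):
    """Return {port: {parameter: value}} with the listed defaults filled in."""
    ports = {}
    for raw in config_text.splitlines():
        m = LINE.match(" ".join(raw.split()))  # collapse indentation and runs of spaces
        if not m:
            continue
        negated, port, param, value = m.groups()
        settings = ports.setdefault(port, dict(DEFAULTS))
        if param not in DEFAULTS:
            continue  # bare per-port line, or a parameter this example does not track
        if negated:
            settings[param] = DEFAULTS[param]  # 'no' form: back to 0 / no limit
        elif value is not None:
            settings[param] = int(value)
    return ports

def audit(config_text):
    """Return sorted (port, finding) pairs; finding names are made up for this example."""
    findings = []
    for port, s in effective_settings(config_text).items():
        if s["reauth-period"] == 0:
            findings.append((port, "reauth-disabled"))
            if s["auth-vid"] != 0:  # VLAN change applies only after reauthentication
                findings.append((port, "auth-vid-waits-for-reauth"))
        if s["unauth-vid"] != 0:  # unauthorized clients get unblocked into this VLAN
            findings.append((port, "unauth-vlan-%d-after-%ds" % (s["unauth-vid"], s["unauth-period"])))
        if s["client-limit"] is None:  # port handled as a single entity
            findings.append((port, "client-limit-unset"))
    return sorted(findings)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """
aaa port-access authenticator 1 auth-vid 20
aaa port-access authenticator 2 reauth-period 3600
aaa port-access authenticator 2 client-limit 4
aaa port-access authenticator 2 unauth-vid 99
aaa port-access authenticator 2 unauth-period 10
"""
```

Calling `audit(SAMPLE)` yields three findings for port 1, which runs entirely on defaults apart from 'auth-vid', and one for port 2.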
