Command Line Interface Reference Guide

aaa

 

 

The first form of the command sets the MAC address format, which is common to all ports.

The second form of the command enables, disables, or configures authentication on the device's individual ports.

o 'addr-format' sets the MAC address format to be used in the RADIUS request message (default no-delimiter).

o 'addr-limit' sets the maximum number of MAC addresses to allow on the port. This includes ALL addresses (authenticated and unauthenticated). The default is 1 MAC address.

NOTE: No more than 32 unique client MAC addresses can be authorized by both 802.1X and MAC/web-based authentication together on the same port.

o 'addr-moves' sets whether the MAC address can move between ports that also have 'addr-moves' enabled (default disabled - no moves allowed).

o 'quiet-period' sets the period of time during which the switch does not try to authenticate after a failed authentication attempt (default 60 seconds).

o 'server-timeout' sets the period of time after which the switch assumes that authentication has timed out (default 30 seconds).

o 'max-requests' sets the number of authentication attempts that must time out before authentication fails (default 3).

o 'logoff-period' sets the period of time of inactivity that the switch considers an implicit logoff (default 300).

o 'reauth-period' sets the period of time after which connected MAC addresses must be re-authenticated. When set to 0, re-authentication is disabled (default 0).

o 'auth-vid' configures the VLAN to which to move a port after successful authentication. The RADIUS server can override the value. Use the 'no' form of the command to set this PVID to 0. If the PVID is set to 0, no PVID changes occur unless the RADIUS server requests them. Changes take effect immediately. All clients must immediately re-authenticate. The default is 0.

o 'unauth-vid' configures the VLAN to which to move a port after failed authentication. Use the 'no' form of the command to set this PVID to 0. Changes take effect immediately. The default is 0.

o 'reauthenticate' forces re-authentication of all clients present on a port.
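Because 'addr-format' decides how the client MAC is written in the RADIUS request, entries on the RADIUS server have to be written the same way or the client fails authentication and lands in 'unauth-vid'. The following check is an added example, not part of the original guide: the format names other than 'no-delimiter', lowercase hex output, and case-sensitive matching on the RADIUS server are assumptions, and the sample entries are constructed.

```python
import re

# 'no-delimiter' is the default named in this guide. The other three names,
# and lowercase hex output, are assumptions made for this example.
FORMATS = {
    "no-delimiter": ("", 12),   # 001a2b3c4d5e
    "single-dash": ("-", 6),    # 001a2b-3c4d5e
    "multi-dash": ("-", 2),     # 00-1a-2b-3c-4d-5e
    "multi-colon": (":", 2),    # 00:1a:2b:3c:4d:5e
}

def normalize(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def render(mac, addr_format):
    """Write a MAC the way the given addr-format would send it."""
    sep, group = FORMATS[addr_format]
    digits = normalize(mac)
    return sep.join(digits[i:i + group] for i in range(0, 12, group))

def detect_format(entry):
    """Name the format a RADIUS user entry is written in, or None."""
    try:
        digits = normalize(entry)
    except ValueError:
        return None
    for name in FORMATS:
        if render(digits, name) == entry:
            return name
    return None  # mixed delimiters, uppercase, or another notation

def mismatches(radius_users, switch_format):
    """Entries that cannot match what the switch sends in this format."""
    return [u for u in radius_users if detect_format(u) != switch_format]

# Constructed sample of RADIUS user names, for illustration only.
SAMPLE_USERS = ["001a2b3c4d5e", "00-1a-2b-3c-4d-5f", "001A2B3C4D60", "printer-3"]

if __name__ == "__main__":
    for user in mismatches(SAMPLE_USERS, "no-delimiter"):
        print(f"{user}: stored as {detect_format(user)}, switch sends no-delimiter")
```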

Next Available Options:

mac-list1-- Manage MAC address based network authentication on the device port(s). ([ethernet] PORT-LIST) (p. 39)

© 2009 Hewlett-Packard Development Company, L.P.
