Command Line Interface Reference Guide

aaa

 

 

Usage: [no] aaa port-access <authenticator ... supplicant ...

web-based ... mac-based ...>

Description: Configure 802.1X (Port Based Network Access), MAC address based network access,

or web authentication based network access

on the device. You can configure authenticator, supplicant, MAC address based, or web authentication based network access on the device or device ports by specifying a corresponding keyword.

See 'aaa port-access authenticator help', 'aaa port-access supplicant help', 'aaa port-access mac-based help', and 'aaa port-access web-based help' for further details on authenticator, supplicant, MAC address based, and

web authentication based network access configuration.

Next Available Options:

gvrp-vlans-- Enable/disable the use of RADIUS-assigned dynamic (GVRP) VLANs(p. 34)

authenticator -- Configure 802(p. 28)

supplicant -- Manage 802 ([ethernet] PORT-LIST) (p. 51)

mac-based-- Configure MAC address based network authentication on the device or the device's port(s)(p. 37)

web-based-- Configure web authentication based network authentication on the device or the device's port(s)(p. 55)

PORT-LIST-- Manage general port security features on the device port(s). ([ethernet] PORT-LIST)

(p. 43)

PORT-LIST

[no] aaa port-access authenticator [ETHERNET] PORT-LIST

Manage 802.1X on the device port(s).

Next Available Options:

control < authorized auto unauthorized > -- Set the authenticator to Force Authorized, Force Unauthorized or Auto state (default Auto). (NUMBER) (p. 32)

quiet-period< 0 to 65535 > -- Set the period of time the switch does not try to acquire a supplicant (default 60 sec.). (NUMBER) (p. 47)

tx-period< 1 to 65535 > -- Set the period of time the switch waits until retransmission of EAPOL PDU (default 30 sec.). (NUMBER) (p. 53)

supplicant-timeout< 1 to 300 > -- Set the supplicant response timeout on an EAP request (default 30 sec.). (NUMBER) (p. 52)

server-timeout< 1 to 300 > -- Set the authentication server response timeout (default 30sec.). (NUMBER) (p. 50)

max-requests< 1 to 10 > -- Set maximum number of times the switch retransmits authentication requests (default 2). (NUMBER) (p. 39)

reauth-period< 0 to 9999999 > -- Set the re-authentication timeout (in seconds, default 0); set to '0' to disable re-authentication. (NUMBER) (p. 47)

auth-vid-- Configures VLAN where to move port after successful authentication (not configured by default).(p. 30)

unauth-vid-- Configures VLAN where to keep port while there is an unauthenticated client connected (not configured by default).(p. 53)

unauth-period< 0 to 255 > -- Set period of time the switch waits for authentication before moving the port to the VLAN for unauthenticated clients. (NUMBER) (p. 53)

© 2009 Hewlett-Packard Development Company, L.P.

43