Command Line Interface Reference Guide

aaa

 

 

Description: Configure web-based network authentication on the device or the device's port(s).

The first form of the command sets the dhcp address, dhcp lease, or ewa server parameters which are common to all ports.

The second form of the command enables, disables, or configures authentication on the device's individual ports.

o 'dhcp-addr' sets the base address / mask for the temporary pool used by DHCP (base address default is 192.168.0.0, mask default is 24 - 255.255.255.0)

o 'dhcp-lease' sets the lease length of the temporary IP address issued by DHCP (default 10)

o 'ewa-server' sets the ip address or hostname of the enhanced web auth server used to serve custom login pages for web auth

o 'page-path' sets the path of the login pages to be found on the ewa server

o 'client-limit' sets the maximum number of clients to allow on the port. This includes ALL clients (authenticated and unauthenticated). The default is 1 client.

NOTE: No more than 32 unique client MAC addresses can be authorized by both 802.1X and MAC/web-based authentication together on the same port.

o 'client-moves' sets whether the client can move between ports that also have 'client-moves' enabled (default disabled - no moves allowed).

o 'ssl-login' sets whether to enable SSL logins (https on port 443). If enabled, logins to plaintext http (port 80) are redirected to https port. The default is disabled.

o 'redirect-url' sets the URL that the user should be redirected to after successful login (default none). Specify a URL of up to 103 characters in length.

o 'quiet-period' sets the period of time during which the switch does not try to authenticate after a failed authentication attempt (default 60 seconds).

o 'server-timeout' sets the period of time after which the switch assumes that authentication has timed out (default 30 seconds).

o 'max-requests' sets the number of authentication attempts that must time out before authentication fails (default 3).

o 'max-retries' sets the number of times a client can enter their credentials before authentication is considered to have failed (default 3).

o 'logoff-period' sets the period of time of inactivity that
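
Added example (not part of the original guide): a small audit script that reads per-port web authentication lines from a saved configuration and reports ports where 'ssl-login' is left at its disabled default, 'client-moves' is enabled, or 'redirect-url' exceeds 103 characters. The line shape "aaa port-access web-based <port-list> <keyword> [<value>]", the numeric-only port lists, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumed line shape (the guide text above does not show the syntax line):
#   aaa port-access web-based <port-list> [<keyword> [<value>]]
# Only numeric port lists such as "1-3,7" are handled in this sketch.
LINE = re.compile(r"^aaa port-access web-based (\d[\d,\-]*)(?:\s+(\S+))?(?:\s+(\S+))?$")
MAX_REDIRECT_URL = 103  # limit stated for 'redirect-url'

# Constructed sample configuration; the first line is a global setting, not a port.
SAMPLE = "\n".join([
    "aaa port-access web-based dhcp-addr 192.168.0.0/24",
    "aaa port-access web-based 1-2",
    "aaa port-access web-based 1 ssl-login",
    "aaa port-access web-based 2 client-moves",
    "aaa port-access web-based 3 ssl-login",
    "aaa port-access web-based 3 redirect-url http://intranet.example/" + "a" * 100,
])

def expand_ports(spec):
    """Expand a numeric port list such as '1-3,7' into [1, 2, 3, 7]."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text):
    """Return sorted (port, keyword, reason) findings for web-auth ports."""
    settings = {}  # port -> {keyword: value, or True for a bare keyword}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # global or unrelated line
        spec, key, value = m.groups()
        for port in expand_ports(spec):
            opts = settings.setdefault(port, {})
            if key:
                opts[key] = value if value is not None else True
    findings = []
    for port, opts in settings.items():
        if not opts.get("ssl-login"):
            findings.append((port, "ssl-login", "disabled: logins use plaintext http (port 80)"))
        if opts.get("client-moves"):
            findings.append((port, "client-moves", "enabled: non-default, clients may move between ports"))
        url = opts.get("redirect-url")
        if isinstance(url, str) and len(url) > MAX_REDIRECT_URL:
            findings.append((port, "redirect-url", "%d characters exceeds %d" % (len(url), MAX_REDIRECT_URL)))
    return sorted(findings)
```
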

© 2009 Hewlett-Packard Development Company, L.P.
