802.1X Global configuration

Command: /cfg/l2/8021x/global

[802.1X Global Configuration Menu]

mode

-

Set

access control mode

qtperiod -

Set

EAP-Request/Identity quiet time interval

txperiod - Set EAP-Request/Identity retransmission timeout suptmout - Set EAP-Request retransmission timeout

svrtmout

- Set server authentication request timeout

maxreq

- Set max number of EAP-Request retransmissions

raperiod

- Set reauthentication time interval

reauth

- Set reauthentication status to on or off

default

- Restore default 802.1X

configuration

cur

- Display current 802.1X

configuration

The global 802.1X menu allows you to configure parameters that affect all ports in the switch (except management port 17). The following table describes the 802.1X Global Configuration Menu options.

Table 106 802.1X Global Configuration Menu options

CommandDescription

mode force- unauthautoforce- auth

Sets the type of access control for all ports:

force-unauth- the port is unauthorized unconditionally.

auto - the port is unauthorized until it is successfully authorized by the RADIUS server.

 

force-auth- the port is authorized unconditionally, allowing all traffic.

 

The default value is force-auth.

 

 

qtperiod <0-65535>

Sets the time, in seconds, the authenticator waits before transmitting an EAP-

 

Request/ Identity frame to the supplicant (client) after an authentication failure in

 

the previous round of authentication. The default value is 60 seconds.

 

 

txperiod <1-65535>

Sets the time, in seconds, the authenticator waits for an EAP-Response/Identity

 

frame from the supplicant (client) before retransmitting an EAP-Request/Identity

 

frame. The default value is 30 seconds.

 

 

suptmout <1-65535>

Sets the time, in seconds, the authenticator waits for an EAP-Response packet

 

from the supplicant (client) before retransmitting the EAP-Request packet from the

 

authentication server. The default value is 30 seconds.

 

 

svrtmout <1-65535>

Sets the time, in seconds, the authenticator waits for a response from the Radius

 

server before declaring an authentication timeout. The default value is 30

 

seconds.

 

The time interval between transmissions of the RADIUS Access-Request packet

 

containing the supplicant’s (client’s) EAP-Response packet is determined by the

 

current setting of /cfg/sys/radius/timeout (default is 3 seconds).

 

 

maxreq <1-10>

Sets the maximum number of times the authenticator retransmits an EAP-Request

 

packet to the supplicant (client). The default value is 2.

 

 

raperiod <1-604800>

Sets the time, in seconds, the authenticator waits before re-authenticating a

 

supplicant (client) when periodic re-authentication is enabled. The default value

 

is 3600 seconds.

 

 

reauth onoff

Sets the re-authentication status to on or off. The default value is off.

 

 

default

Resets the global 802.1X parameters to their default values.

 

 

cur

Displays current global 802.1X parameters.

 

 

 

Configuration Menu 137

Page 136 Page 138
Page 137
Image 137
HP BMD00022 manual 802.1X Global configuration, Command /cfg/l2/8021x/global, CommandDescription
Page 136 Page 138
Top Page Image Contents