
■ web-based -- Configure authentication mechanism used to control web-based port access to
the switch (p. 55)
■ mac-based -- Configure authentication mechanism used to control mac-based port access to
the switch (p. 37)
■ num-attempts < 1 to 10 > -- Specify the maximum number of login attempts allowed (p. 42)
■ login -- Specify that the switch respects the authentication server's privilege level (p. 36)
authenticator
■ aaa port-access authenticator
Usage: [no] aaa port-access authenticator active
[no] aaa port-access authenticator [ethernet] PORT-LIST
[control <authorized|auto|unauthorized> | quiet-period <0-65535> |
tx-period <1-65535> | supplicant-timeout <1-300> |
server-timeout <1-300> | max-requests <1-10> |
reauth-period <0-9999999> | auth-vid VLAN-ID | unauth-vid VLAN-ID |
unauth-period <0-255> | logoff-period <1-999999999> |
client-limit [<1-32>] |
initialize | reauthenticate mac-addr MAC-ADDRESS | clear-statistics]
Description: Configure 802.1X (Port Based Network Access) authentication
on the device or the device's port(s).
The first form of the command activates or deactivates
authentication on the device. By default, authentication is
deactivated. 802.1X authentication does not run on the switch
until you use this command to enable it.
The second form of the command enables, disables, or
configures authentication on the device's individual ports.
While authentication is deactivated, access to the network
is granted on all switch ports regardless of whether
802.1X is enabled on the port.
The 'no' keyword cannot be used with any of the optional
parameters that follow PORT-LIST.
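An audit check for the two settings above that leave a port open: 802.1X enabled on ports while authentication is not activated on the device, and a port set to 'control authorized'. This is an added example, not part of the reference guide; it assumes configuration lines follow the Usage syntax shown on this page, and the function names and sample configuration are constructed for illustration.

```python
import re

# Assumption: config lines follow the Usage syntax shown on this page.
LINE = re.compile(
    r"^aaa port-access authenticator(?: ethernet)?\s+(?P<rest>.+)$")

def expand_ports(port_list):
    """Expand '1-3,7' into ['1', '2', '3', '7']; non-numeric names pass through."""
    ports = []
    for part in port_list.split(","):
        m = re.fullmatch(r"(\d+)-(\d+)", part)
        if m:
            ports += [str(n) for n in range(int(m[1]), int(m[2]) + 1)]
        else:
            ports.append(part)
    return ports

def audit(config_text):
    """Return sorted (port, finding) pairs for 802.1X settings that leave ports open."""
    active = False
    control = {}  # port -> control state, for ports with 802.1X enabled
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unrelated lines and 'no ...' lines are ignored
        tokens = m["rest"].split()
        if tokens == ["active"]:
            active = True
            continue
        for port in expand_ports(tokens[0]):
            control.setdefault(port, "auto")  # 'auto' is the documented default
            if tokens[1:2] == ["control"] and len(tokens) > 2:
                control[port] = tokens[2]
    findings = []
    for port, state in control.items():
        if not active:
            findings.append((port, "802.1X enabled on port but not activated on the device"))
        if state == "authorized":
            findings.append((port, "control authorized: no credentials required"))
    return sorted(findings)

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """\
aaa port-access authenticator 1-3
aaa port-access authenticator 2 control authorized
aaa port-access authenticator 3 control unauthorized
"""

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"port {port}: {finding}")
```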
802.1X must be enabled on a port before any of the following
optional parameters can be configured on the port.
o 'control' sets the authenticator to (Force) Authorized,
(Force) Unauthorized or Auto state (default 'Auto').
- Auto: Grants network access to a connected device that
supports 802.1X authentication and provides valid
credentials.
- Authorized: Grants access to any devices connected to
the port(s). In this case, the devices do not have
to provide 802.1X credentials or support 802.1X
authentication. (Also termed "Force Authorized".)
- Unauthorized: In this state, the port blocks access to
any connected device, regardless of whether the
device provides the correct credentials and has
802.1X support.
o 'quiet-period' sets the period of time during which the
28 © 2009 Hewlett-Packard Development Company, L.P.
aaa Command Line Interface Reference Guide