A SERVICE OF

logo

Open as PDF
next previous
The rst form of the command sets the
MAC address format which is common to all ports
The second form of the command enables, disables, or
congures authentication on the device's individual ports.
o 'addr-format' sets the MAC address format to be used in the
RADIUS request message (default no-delimiter).
o 'addr-limit' sets the maximum number of MAC addresses to
allow on the port. This includes ALL addresses (authenticated
and unauthenticated). The default is 1 MAC address.
NOTE: No more than 32 unique client MAC addresses can be
authorized by both 802.1X and MAC/web-based
authentication together on the same port.
o 'addr-moves' sets whether the MAC address can move
between ports that also have 'addr-moves' enabled
(default disabled - no moves allowed).
o 'quiet-period' sets the period of time during which the
switch does not try to authenticate after a failed
authentication attempt (default 60 seconds).
o 'server-timeout' sets the period of time after which the
switch assumes that authentication has timed out
(default 30 seconds).
o 'max-requests' sets the number of authentication attempts
that must time out before authentication fails (default 3).
o 'logoff-period' sets the period of time of inactivity that
the switch considers an implicit logoff (default 300).
o 'reauth-period' sets the period of time after which connected
MAC addresses must be re-authenticated. When set to 0
the re-authentication is disabled (default 0).
o 'auth-vid' congures the VLAN to which to move a port
after successful authentication. RADIUS server can
override the value. Use 'no' form of the command to set
this PVID to 0. If the PVID is set to 0 no PVID changes
occur unless RADIUS server requests. Changes take effect
immediately. All clients must immediately re-authenticate.
The default is 0.
o 'unauth-vid' congures the VLAN to which to move a port
after failed authentication. Use 'no' form of the command
to set this PVID to 0. Changes take effect immediately.
The default is 0.
o 'reauthenticate' forces re-authentication
of all clients present on a port.
Next Available Options:
mac-list1 -- Manage MAC address based network authentication on the device port(s). ([ethernet]
PORT-LIST) (p. 39)
38© 2009 Hewlett-Packard Development Company, L.P.
aaaCommand Line Interface Reference Guide