KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

111

112

113

114

115

116

117

118

119

120

• show LMA configuration

HP-Switch# show port-access local-mac config

HP-Switch# show port-access local-mac config <port-number> detailed

[Note: per port]

• show LMA enabled ports

HP-Switch# show port-access local-mac

HP-Switch# show port-access local-mac <port-number>

[Note: per port]

• show per port local mac client details

HP-Switch# show port-access local-mac <port-number> client [detailed]

• show mac-entry and mac-group association

HP-Switch# show port-access local-mac association

Configuration commands

The configuration strategy below shows the configuration commands that LMA supports. All LMA

commands can be prefixed with [no]. For port based commands, a VLAN must be created.

1. Enable local mac authentication on switch port ‘1’

HP-Switch(config)#aaa port-access local-mac 1

2. Create mac-group, ‘ip-phone-grp’ for IP phones. The newly created group becomes editable.

So, the user can add/delete mac-oui from the mac-group.

HP-Switch(config)#aaa port-access local-mac mac-group ip-phone-grp

or create mac-group, ‘hpphone-grp’, from the default (factory-shipped) ‘hp-ip-phones’ group

HP-Switch(config)#aaa port-access local-mac mac-group default

hp-ip-phones hpphones-grp

Note: To determine the factory-shipped default mac-groups, use

show port-access local-mac mac-group default

3. Associate mac-address, 005557-9B688B to a mac-group, hpphone-grp

HP-Switch(config)#aaa port-access local-mac mac-group hpphones-grp

mac-addr005557-9B688B

4. Create LMA profile, ip-phone-prof, with attributes, tagged vlan, 2, untagged vlan, 3 and cos

HP-Switch(config)#aaa port-access local-mac profile ip-phone-prof

vlan tagged 2 untagged 3 CoS2

5. Associate LMA profile, ip-phone-prof, to a mac-group, hpphone-grp

HP-Switch(config)#aaa port-access local-mac apply profile

ip-phone-prof mac-group hpphone-grp

Per-port attributes

LMA per-port attributes are used to apply attributes for the clients authenticated through LMA

profiles. HP switches support different per-port values for different authentication methods (802.1x,

mac-based and web-based) configured on the same port.

• Configure unauthenticated period

HP-Switch(config)#aaa port-access local-mac 1 unauth-period 300

• Configure quiet period

HP-Switch(config)#aaa port-access local-mac 1 quiet-period 70

Configure logoff period

HP-Switch(config)#aaa port-access local-mac 1 logoff-period 400

Configure AuthVid

118 Local MAC Authentication