Access Security Guide K/KA/KB.15.15

Example 23 This example enables ports A10-A12 to operate as authenticators, and
then configures the ports for user-based authentication.
HP Switch(config)# aaa port-access authenticator a10-A12
HP Switch(config)# aaa port-access authenticator a10-A12 client-limit 4
Example 24 This example enables ports A13-A15 to operate as authenticators, and then configures
the ports for port-based authentication.
HP Switch(config)# aaa port-access authenticator a13-a15
HP Switch(config)# no aaa port-access authenticator a13-a15 client-limit
Reconfigure Settings for Port-Access
The commands in this section are initially set by default and can be reconfigured as needed.
Syntax
aaa port-access authenticator <port-list>
[control <authorized | auto | unauthorized>]
Controls authentication mode on the specified port:
authorized: Also termed “Force Authorized”. Gives access to a device connected
to the port. In this case, the device does not have to provide 802.1X credentials or
support 802.1X authentication. (You can still configure console, Telnet, or SSH
security on the port.)
auto (the default): The device connected to the port must support
802.1X authentication and provide valid credentials to get network access.
(Optional: You can use the Open VLAN mode to provide a path for clients without
802.1X supplicant software to download this software and begin the authentication
process. See “802.1X Open VLAN mode” (page 342).)
unauthorized: Also termed “Force Unauthorized”. Do not grant access to the network,
regardless of whether the device provides the correct credentials and has 802.1X
support. In this state, the port blocks access to any connected device.
[quiet-period < 0 - 65535 >]
Sets the period during which the port does not try to acquire a supplicant. The
period begins after the last attempt authorized by the max-requests parameter fails
(next page). (Default: 60 seconds)
[tx-period < 0 - 65535 >]
Sets the period the port waits to retransmit the next EAPOL PDU during an
authentication session. (Default: 30 seconds)
[supplicant-timeout < 1 - 300 >]
Sets the period of time the switch waits for a supplicant response to an EAP request.
If the supplicant does not respond within the configured time frame, the session
times out. (Default: 30 seconds)
[server-timeout < 1 - 300 >]
Sets the period of time the switch waits for a server response to an authentication
request. If there is no response within the configured time frame, the switch assumes
that the authentication attempt has timed out. Depending on the current max-requests
setting, the switch will either send a new request to the server or end the
authentication session. (Default: 30 seconds)
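The following Python check is an added example, not part of the guide or of any HP tooling. It reads authenticator lines in the syntax shown above and reports ports left in a forced control state or given timer values outside the documented ranges. The sample configuration is constructed, and the function names and the assumption that port lists stay within one slot are this example's own.

```python
import re

# Value ranges copied from the syntax entries above.
RANGES = {"quiet-period": (0, 65535), "tx-period": (0, 65535),
          "supplicant-timeout": (1, 300), "server-timeout": (1, 300)}
CMD = re.compile(r"(no\s+)?aaa port-access authenticator\s+(\S+)(.*)$", re.I)

# Constructed sample configuration (not from the guide), built from its syntax.
SAMPLE = """\
aaa port-access authenticator a10-A12
aaa port-access authenticator a10-A12 client-limit 4
aaa port-access authenticator a13-a15
no aaa port-access authenticator a13-a15 client-limit
aaa port-access authenticator a14 control authorized
aaa port-access authenticator a15 supplicant-timeout 600
"""

def expand_ports(port_list):
    """Expand a same-slot port list such as 'a10-A12,a20' into port names."""
    ports = []
    for item in port_list.upper().split(","):
        m = re.fullmatch(r"([A-Z]*)(\d+)(?:-\1(\d+))?", item)
        if not m:
            raise ValueError(f"unsupported port item: {item}")
        first, last = int(m.group(2)), int(m.group(3) or m.group(2))
        ports += [f"{m.group(1)}{n}" for n in range(first, last + 1)]
    return ports

def audit(config_text):
    """Return (per-port state, findings) for the authenticator lines."""
    state, findings = {}, []
    for m in filter(None, map(CMD.search, config_text.splitlines())):
        negated, opts = bool(m.group(1)), m.group(3).split()
        pairs = dict(zip(opts[0::2], opts[1::2]))  # option name -> value
        for port in expand_ports(m.group(2)):
            entry = state.setdefault(port, {"control": "auto", "mode": "unspecified"})
            if "client-limit" in opts:  # Examples 23/24: set = user-based, "no" = port-based
                entry["mode"] = "port-based" if negated else "user-based"
            entry["control"] = pairs.get("control", entry["control"]).lower()
            for name, (lo, hi) in RANGES.items():
                value = pairs.get(name)
                if value is not None and not (value.isdigit() and lo <= int(value) <= hi):
                    findings.append((port, f"{name} {value} outside {lo}-{hi}"))
    for port, entry in state.items():  # judge the final control mode of each port
        if entry["control"] != "auto":
            findings.append((port, f"control {entry['control']}: forced state, access does not depend on 802.1X credentials"))
    return state, findings

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```
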
[max-requests < 1 - 10 >]
Sets the number of authentication attempts that must time out before authentication
fails and the authentication session ends. If you are using the Local authentication
option, or are using RADIUS authentication with only one host server, the switch
460 Port-Based and User-Based Access Control (802.1X)