Access Security Guide K/KA/KB.15.15

will not start another session until a client tries a new access attempt. If you are
using RADIUS authentication with two or three host servers, the switch will open a
session with each server, in turn, until authentication occurs or there are no more
servers to try. During the quiet-period (previous page), if any, you cannot reconfigure
this parameter. (Default: 2)
[reauth-period < 0 - 9999999 >]
Sets the period of time after which connected clients must be re-authenticated. When
the timeout is set to 0, reauthentication is disabled. (Default: 0 seconds)
[unauth-vid < vlan-id >]
Configures an existing static VLAN to be the Unauthorized-Client VLAN. This
enables you to provide a path for clients without supplicant software to download
the software and begin an authentication session. See “802.1X Open VLAN mode”
(page 342).
Syntax
aaa port-access authenticator < port-list >
[logoff-period < 1 - 999999999 >]
Configures the period of time the switch waits for client activity before removing
an inactive client from the port. (Default: 300 seconds)
[unauth-period < 0-255 >]
Specifies a delay in seconds for placing a port on the Unauthorized-Client VLAN.
This delay allows more time for a client with 802.1X supplicant capability to initiate
an authentication session. If a connected client does not initiate a session before
the timer expires, the port is assigned to the Unauthenticated-Client VLAN. (Default:
0 seconds)
[auth-vid < vid >]
Configures an existing, static VLAN to be the Authorized-Client VLAN. See “802.1X
Open VLAN mode” (page 342).
Configure the 802.1X Authentication Method
This task specifies how the switch authenticates the credentials provided by a supplicant connected
to a switch port configured as an 802.1X authenticator.
You can configure local, chap-radius or eap-radius as the primary password authentication method
for the port-access method. You also need to select none or authorized as a secondary, or backup,
method.
aaa authentication port-access <chap-radius | eap-radius | local>
Configures local, chap-radius (MD5), or eap-radius as the primary password authentication method
for port-access. The default primary authentication is local. (Refer to the documentation for your
RADIUS server application.)
For switches covered in this guide, you must use the password port-access command to configure
the operator username and password for 802.1X access. See “General Setup Procedure for 802.1X
Access Control” on page 13-13 for more information.
[<none | authorized>]
Provides options for secondary authentication. The none option specifies that a backup authentication
method is not used. The authorized option allows access without authentication. (Default: none)
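The following audit script is an added example, not part of the original guide or of any HP tooling. It checks a saved configuration for the reauth-period and authentication-method settings described above. It assumes the configuration text uses the same command syntax as this section, one command per line; the sample configuration and the finding names are constructed for illustration.

```python
import re

# Constructed sample config using the command syntax documented above (not from a real switch).
SAMPLE_CONFIG = """\
aaa authentication port-access chap-radius authorized
aaa port-access authenticator A1-A4
aaa port-access authenticator A1-A4 reauth-period 0
aaa port-access authenticator A1-A4 unauth-vid 99
aaa port-access authenticator B1 reauth-period 3600
aaa port-access authenticator active
"""

AUTH_RE = re.compile(
    r"^aaa authentication port-access (chap-radius|eap-radius|local)"
    r"(?:\s+(none|authorized))?$")
PORT_RE = re.compile(r"^aaa port-access authenticator (\S+)((?:\s+\S+\s+\d+)*)$")


def audit(config):
    """Return (scope, finding) pairs for 802.1X settings worth reviewing."""
    primary, secondary = "local", "none"  # documented defaults
    reauth = {}                           # port-list -> reauth-period in seconds
    for raw in config.splitlines():
        line = raw.strip()
        m = AUTH_RE.match(line)
        if m:
            primary, secondary = m.group(1), m.group(2) or "none"
            continue
        m = PORT_RE.match(line)
        if m and m.group(1) != "active":  # "active" enables 802.1X globally; not a port-list
            params = dict(re.findall(r"(\S+)\s+(\d+)", m.group(2)))
            reauth.setdefault(m.group(1), 0)  # documented default: 0 (disabled)
            if "reauth-period" in params:
                reauth[m.group(1)] = int(params["reauth-period"])
    findings = []
    if secondary == "authorized":  # backup method grants access without authentication
        findings.append(("global", "secondary-authorized"))
    if primary == "chap-radius":   # the guide describes chap-radius as MD5-based
        findings.append(("global", "chap-radius-md5"))
    for ports, period in sorted(reauth.items()):
        if period == 0:            # clients are never re-authenticated
            findings.append((ports, "reauth-disabled"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Because reauth-period defaults to 0, a port that is configured as an authenticator without an explicit reauth-period is reported as well.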
Configuring Port-Based Access 461